CVE-2020-7651

medium

Description

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

References

https://updates.snyk.io/snyk-broker-security-fixes-152338

https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610

Details

Source: Mitre, NVD

Published: 2020-05-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N