snyk-broker@3.7.1 vulnerabilities

Broker for private communication between internal systems and outside public systems

  • latest version

    4.203.1

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    1 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the snyk-broker package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.

    How to fix Information Exposure?

    Upgrade snyk-broker to version 4.73.1 or higher.

    <4.73.1
    • M
    Arbitrary File Read

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

    How to fix Arbitrary File Read?

    Upgrade snyk-broker to version 4.80.0 or higher.

    <4.80.0
    • M
    Arbitrary File Read

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by renaming files to match whitelisted paths.

    How to fix Arbitrary File Read?

    Upgrade snyk-broker to version 4.80.0 or higher.

    <4.80.0
    • M
    Arbitrary File Read

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

    How to fix Arbitrary File Read?

    Upgrade snyk-broker to version 4.79.0 or higher.

    <4.79.0
    • M
    Directory Traversal

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Directory Traversal. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

    How to fix Directory Traversal?

    Upgrade snyk-broker to version 4.73.0 or higher.

    <4.73.0
    • M
    Arbitrary File Read

    snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

    Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. #package.json

    How to fix Arbitrary File Read?

    Upgrade snyk-broker to version 4.72.2 or higher.

    <4.72.2