snyk-broker 4.26.0 vulnerabilities

Known vulnerabilities in the snyk-broker package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Information Exposure snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Information Exposure. It logs private keys if logging level is set to `DEBUG`. How to fix Information Exposure? Upgrade `snyk-broker` to version 4.73.1 or higher.	<4.73.1
M Arbitrary File Read snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. How to fix Arbitrary File Read? Upgrade `snyk-broker` to version 4.80.0 or higher.	<4.80.0
M Arbitrary File Read snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by renaming files to match whitelisted paths. How to fix Arbitrary File Read? Upgrade `snyk-broker` to version 4.80.0 or higher.	<4.80.0
M Arbitrary File Read snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. How to fix Arbitrary File Read? Upgrade `snyk-broker` to version 4.79.0 or higher.	<4.79.0
M Directory Traversal snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Directory Traversal. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. How to fix Directory Traversal? Upgrade `snyk-broker` to version 4.73.0 or higher.	<4.73.0
M Arbitrary File Read snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` How to fix Arbitrary File Read? Upgrade `snyk-broker` to version 4.72.2 or higher.	<4.72.2

Vulnerability

Vulnerable Version

Information Exposure

snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment.

Affected versions of this package are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.

How to fix Information Exposure?

Upgrade snyk-broker to version 4.73.1 or higher.

<4.73.1

Arbitrary File Read

Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

How to fix Arbitrary File Read?

Upgrade snyk-broker to version 4.80.0 or higher.

<4.80.0

Arbitrary File Read

Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by renaming files to match whitelisted paths.

How to fix Arbitrary File Read?

Upgrade snyk-broker to version 4.80.0 or higher.

<4.80.0

Arbitrary File Read

Affected versions of this package are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

How to fix Arbitrary File Read?

Upgrade snyk-broker to version 4.79.0 or higher.

<4.79.0

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

How to fix Directory Traversal?

Upgrade snyk-broker to version 4.73.0 or higher.

<4.73.0

Arbitrary File Read

Affected versions of this package are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. #package.json

How to fix Arbitrary File Read?

Upgrade snyk-broker to version 4.72.2 or higher.

<4.72.2

snyk-broker@4.26.0 vulnerabilities

Broker for private communication between internal systems and outside public systems

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?