Path Traversal in glance
Moderate severity
GitHub Reviewed
Published
Jul 26, 2018
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Jun 7, 2018
Published to the GitHub Advisory Database
Jul 26, 2018
Reviewed
Jun 16, 2020
Last updated
Jan 31, 2023
Versions of
glance
before 3.0.4 are vulnerable to a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.Recommendation
Update to version 3.0.4 or later.
References