{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-25937","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","state":"PUBLISHED","assignerShortName":"snyk","dateReserved":"2022-02-24T11:58:27.018Z","datePublished":"2023-02-13T05:00:01.128Z","dateUpdated":"2025-03-21T14:52:00.741Z"},"containers":{"cna":{"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"}}],"credits":[{"value":"Liran Tal - Snyk Research Team","lang":"en"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Directory Traversal","lang":"en"}]}],"providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-02-13T05:00:01.128Z"},"descriptions":[{"value":"Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).\r\r","lang":"en"}],"references":[{"url":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395"},{"url":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac"}],"affected":[{"product":"glance","versions":[{"version":"0","lessThan":"3.0.9","status":"affected","versionType":"semver"}],"vendor":"n/a"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T04:49:44.550Z"},"title":"CVE Program Container","references":[{"url":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395","tags":["x_transferred"]},{"url":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-21T14:51:44.639555Z","id":"CVE-2022-25937","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-21T14:52:00.741Z"}}]}}