{"api_version":"1","generated_at":"2026-04-23T09:05:51+00:00","cve":"CVE-2022-25937","urls":{"html":"https://cve.report/CVE-2022-25937","api":"https://cve.report/api/cve/CVE-2022-25937.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-25937","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-25937"},"summary":{"title":"CVE-2022-25937","description":"Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).","state":"PUBLIC","assigner":"report@snyk.io","published_at":"2023-02-13 05:15:00","updated_at":"2023-11-07 03:44:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395","name":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395","refsource":"MISC","tags":[],"title":"Directory Traversal in glance | CVE-2022-25937 | Snyk","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac","name":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac","refsource":"MISC","tags":[],"title":"Fix path traversal vulnerability · jarofghosts/glance@8cecfe9 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-25937","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25937","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"25937","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"glance_project","cpe5":"glance","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"node.js","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-25937","ASSIGNER":"report@snyk.io","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Directory Traversal","cweId":"CWE-22"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"glance","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"3.0.9"}]}}]}}]}},"references":{"reference_data":[{"url":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395","refsource":"MISC","name":"https://security.snyk.io/vuln/SNYK-JS-GLANCE-3318395"},{"url":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac","refsource":"MISC","name":"https://github.com/jarofghosts/glance/commit/8cecfe90286e0c45a5494067f1b592d0ccfeabac"}]},"credits":[{"lang":"en","value":"Liran Tal - Snyk Research Team"}],"impact":{"cvss":[{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P"}]}},"nvd":{"publishedDate":"2023-02-13 05:15:00","lastModifiedDate":"2023-11-07 03:44:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:glance_project:glance:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.0.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}