glance

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting glancepage 1 of 1

CVE-2018-3715MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.0.4
2018-06-07
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
CVE-2018-3748MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.0.8
2018-07-03
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code…
CVE-2022-25937MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.0.9
2023-02-13
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https:/…

Check whether glance is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for glance CVEs against the assets you own.

Start Free Scan →