Unauthorized File Access in glance

Published: Sep 2, 2020
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-vw7g-jq9m-3q9v" target="_blank" rel="noopener"> GHSA-vw7g-jq9m-3q9v
Severity: Medium
Exploit:

Versions of glance prior to 3.0.7 are vulnerable to Unauthorized File Access. The package provides a --nodot option meant to hide files and directories with names that begin with a ., such as .git but fails to hide files inside a folder that begins with ..