@openclaw/feishu@2026.3.10

OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/feishu package. This does not include vulnerabilities belonging to this package’s dependencies.

Incorrect Authorization (severity: Medium; vulnerable versions: >=2026.2.6)

@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)

Affected versions of this package are vulnerable to Incorrect Authorization via the upload_image process in the Feishu extension. An attacker can access arbitrary files outside the intended file-system sandbox by submitting crafted upload paths.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.
Allocation of Resources Without Limits or Throttling (severity: High; vulnerable versions: *)

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the installRequestBodyLimitGuard function in the Feishu webhook handler, which applies permissive body size and timeout limits before authentication. An attacker can exhaust server connection resources and block legitimate webhook deliveries by sending multiple slow HTTP POST requests to the affected endpoint.

How to fix Allocation of Resources Without Limits or Throttling?

A fix was pushed into the master branch but not yet published.
Incorrect Authorization (severity: Medium; vulnerable versions: >=0.0.0)

Affected versions of this package are vulnerable to Incorrect Authorization via the callback handling process. An attacker can gain unauthorized access to callback functionality by sending specially crafted legacy raw card payloads that bypass recipient pairing checks.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.
Allocation of Resources Without Limits or Throttling (severity: High; vulnerable versions: >=0.0.0)

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Feishu webhook handling process. An attacker can cause excessive resource consumption by sending unauthenticated requests that are fully parsed before signature validation.

How to fix Allocation of Resources Without Limits or Throttling?

A fix was pushed into the master branch but not yet published.
Incorrect Authorization (severity: Medium; vulnerable versions: <2026.3.12)

Affected versions of this package are vulnerable to Incorrect Authorization via the event authorization logic. An attacker can bypass group authorization and mention gating by crafting a synthetic reaction event with an omitted chat_type field, causing the system to misclassify a group conversation as a direct message.

How to fix Incorrect Authorization?

Upgrade @openclaw/feishu to version 2026.3.12 or higher.
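The chat_type misclassification described above, as an added example that is not the plugin's own code: a hypothetical event gate in TypeScript where the vulnerable pattern treats any chat_type other than "group" as a direct message, while the hardened pattern trusts only an explicit "p2p" value and routes everything else (including an omitted field) through the group checks. The event field names (chat_id, chat_type, mentions_bot) and the policy shape are assumptions.

```typescript
// Added example, not @openclaw/feishu code. The Feishu event shape is
// approximated: chat_type is "p2p" for direct messages or "group" for
// group chats, and a synthetic event may omit it entirely.
type FeishuEvent = {
  chat_id: string;
  chat_type?: "p2p" | "group"; // optional on purpose: may be omitted
  mentions_bot?: boolean;       // hypothetical: bot was @-mentioned
};

type Policy = {
  allowedGroups: Set<string>; // group chats the bot may respond in
  requireMention: boolean;    // mention gating for group chats
};

type Decision = { allow: boolean; reason: string };

// Group checks shared by both variants: allowlist, then mention gating.
function authorizeGroup(ev: FeishuEvent, p: Policy): Decision {
  if (!p.allowedGroups.has(ev.chat_id)) {
    return { allow: false, reason: "group not in allowlist" };
  }
  if (p.requireMention && !ev.mentions_bot) {
    return { allow: false, reason: "bot not mentioned" };
  }
  return { allow: true, reason: "group checks passed" };
}

// Vulnerable pattern: "not a group" is taken to mean "direct message", so an
// event with chat_type omitted never reaches the group checks.
function authorizeVulnerable(ev: FeishuEvent, p: Policy): Decision {
  const isDirectMessage = ev.chat_type !== "group";
  if (isDirectMessage) return { allow: true, reason: "direct message" };
  return authorizeGroup(ev, p);
}

// Hardened pattern: only an explicit "p2p" is a direct message; a missing or
// unexpected chat_type falls through to the stricter group path (fail closed).
function authorizeHardened(ev: FeishuEvent, p: Policy): Decision {
  if (ev.chat_type === "p2p") return { allow: true, reason: "direct message" };
  return authorizeGroup(ev, p);
}
```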