2026.7.1
5 months ago
2 days ago
Known vulnerabilities in the @openclaw/feishu package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization in the How to fix Incorrect Authorization? Upgrade | <2026.6.9 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization due to the How to fix Incorrect Authorization? Upgrade | <2026.6.9 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a card-action event that misclassifies direct messages as group conversations, thereby avoiding enforcement of How to fix Incorrect Authorization? Upgrade | <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via improper validation of the How to fix Insecure Default Initialization of Resource? Upgrade | >=2026.3.12 <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches quoted, root, or thread context messages, which bypasses the sender allowlist. An attacker can access message content from unauthorized senders by exploiting the lack of proper sender validation in this process. How to fix Incorrect Authorization? Upgrade | <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization via the How to fix Incorrect Authorization? Upgrade | >=2026.2.6 <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the How to fix Allocation of Resources Without Limits or Throttling? Upgrade | <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Incorrect Authorization via the callback handling process. An attacker can gain unauthorized access to callback functionality by sending specially crafted legacy raw card payloads that bypass recipient pairing checks. How to fix Incorrect Authorization? Upgrade | <2026.5.2 |
@openclaw/feishu is an OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Feishu webhook handling process. An attacker can cause excessive resource consumption by sending unauthenticated requests that are fully parsed before signature validation. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | <2026.5.2 |