iobroker.js-controller@1.4.2 vulnerabilities

Updated by reinstall.js on 2018-06-11T15:19:56.688Z

Direct Vulnerabilities

Known vulnerabilities in the iobroker.js-controller package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host.

Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file.

Note: The attacker has to be logged in if the authentication is enabled (by default isn't enabled).

How to fix Directory Traversal?

Upgrade iobroker.js-controller to version 2.0.25 or higher.