iobroker.js-controller@1.5.1 vulnerabilities

Updated by reinstall.js on 2018-06-11T15:19:56.688Z

  • latest version

    7.0.6

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the iobroker.js-controller package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host.

    Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file.

    Note: The attacker has to be logged in if the authentication is enabled (by default isn't enabled).

    How to fix Directory Traversal?

    Upgrade iobroker.js-controller to version 2.0.25 or higher.

    <2.0.25