Lucene search
GoogleOSV:GHSA-CMCH-296J-WFVWHistoryDec 02, 2019 - 6:06 p.m.
Arbitrary File Write in iobroker.js-controller
2019-12-0218:06:14
Google
osv.dev
7
0.002 Low
EPSS
Percentile
55.4%
Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/<adapter-name> folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the attack but the package has authentication disabled by default.
Recommendation
Upgrade to version 2.0.25 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iobroker.js-controller | lt | 2.0.25 |
Related
veracode
veracode
Directory Traversal
2019-11-22 03:16:26
osv
osv
CVE-2019-10767
2019-11-21 17:15:11
githubexploit
githubexploit
Exploit for Path Traversal in Iobroker Iobroker.Js-Controller
2020-12-01 09:18:57
cve
cve
CVE-2019-10767
2019-11-21 17:15:11
nodejs
nodejs
Arbitrary File Write
2019-11-29 17:54:05
cvelist
cvelist
CVE-2019-10767
2019-11-21 16:09:40
nvd
nvd
CVE-2019-10767
2019-11-21 17:15:11
github
github
Arbitrary File Write in iobroker.js-controller
2019-12-02 18:06:14
prion
prion
Authentication flaw
2019-11-21 17:15:00