3 matches found
iobroker.mieleathome (=0.0.4), t-motion-detector (=0.5.42) potentially affected by CVE-2019-10767 via iobroker.js-controller (=1.5.14)
iobroker.js-controller NPM version =1.5.14 is affected by a known vulnerability. The following packages have a transitive dependency on iobroker.js-controller and may be impacted: - iobroker.mieleathome =0.0.4 - t-motion-detector =0.5.42 Source cves: CVE-2019-10767 Source advisory:...
CVE-2019-10767
An attacker can include file contents from outside the /adapter/xxx/ directory, where xxx is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. Note: The attacker has to be logged in if the authentication is enabled...
CVE-2019-10767
CVE-2019-10767 affects iobroker.js-controller (Linux/Windows environments) where a path traversal flaw allows inclusion of files outside the /adapter/xxx/ directory when using the administrative web panel to request an adapter file. The root cause is inadequate access restriction outside the inte...