5 matches found
GHSA-CR67-78JR-J94P Local File Inclusion in domokeeper
All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...
Local File Inclusion in domokeeper
All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...
Local File Inclusion
Overview: All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows...
Directory Traversal
domokeeper is susceptible to directory traversal. The attack is possible because of the use of the command require, which dynamically reads unintended arbitrary JSON files and loads non-production code on the server...
Node.js third-party modules: [domokeeper] Unintended Require
I would like to report an Unintended Require vulnerability in domokeeper. It allows reading arbitrary json files and loading non-production code. Module module name: domokeeper version: 0.2.0 npm page: https://www.npmjs.com/package/domokeeper Module Description domokeeper server: a pluggable domotic...