An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNjctNzhqci1qOTRw

Local File Inclusion in domokeeper

All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require() call. It then returns the output of require() in the server response. This may allow attackers to load unintended code in the application. It also allows attackers to exfiltrate information in .json files.


No fix is currently available. Consider using an alternative package until a fix is made available.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: 9 months ago

Identifiers: GHSA-cr67-78jr-j94p

Affected Packages

Versions: >= 0.0.0
No known fixed version