An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNjctNzhqci1qOTRw

Local File Inclusion in domokeeper

All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require() call. It then returns the output of require() in the server response. This may allow attackers to load unintended code in the application. It also allows attackers to exfiltrate information in .json files.


No fix is currently available. Consider using an alternative package until a fix is made available.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago

Identifiers: GHSA-cr67-78jr-j94p
References: Blast Radius: 0.0

Affected Packages

Dependent packages: 1
Dependent repositories: 1
Downloads: 9 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 0.0.0, 0.0.2, 0.0.3, 0.1.0, 0.1.1, 0.2.0