Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via system.run. An attacker can bypass allowlist enforcement and approval prompts by supplying an allowlisted rawCommand while providing a different command argume...