135 matches found
CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
CVE-2024-13971
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
EUVD-2024-55563
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
PT-2026-36092
Name of the Vulnerable Software and Affected Versions Lobster pro versions prior to 4.12.6-GA Description Unauthenticated attackers can exploit a weakness in the XML parser functionality. This allows for read access to files on the application server and adjacent network shares, as well as the...
Lobster_pro 代码问题漏洞
Lobsterpro is a middleware platform developed by the German company Lobster, used for enterprise data integration and process orchestration. Versions of Lobsterpro prior to 4.12.6-GA contained code vulnerabilities. These vulnerabilities stemmed from weaknesses in the XML parser’s functionality,...
CVE-2026-32000
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
EUVD-2026-14590
OpenClaw 2026.1.21 before 2026.2.19 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows local operators to execute arbitrary commands. When spawn failures trigger shell fallback with shell: true, tool-provided arguments are interprete...
CVE-2026-32908
...
CVE-2026-32908
OpenClaw 2026.1.21 before 2026.2.19 contains a local command injection in the Lobster extension’s Windows shell fallback. When spawn failures trigger shell fallback with shell: true, tool-provided arguments are interpreted by cmd.exe, enabling arbitrary commands via workflow-controlled parameters...
PT-2026-27240
OpenClaw 2026.1.21 before 2026.2.19 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows local operators to execute arbitrary commands. When spawn failures trigger shell fallback with shell: true, tool-provided arguments are interprete...
GHSA-5RP4-CWGH-GVWQ Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7fcc-cw49-xm78. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool executio...
EUVD-2026-13039
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
EUVD-2026-13029
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...
Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7fcc-cw49-xm78. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool executio...
GHSA-8PX5-2GFR-7PH6 Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fg3m-vhrr-8gj6. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's...
Duplicate Advisory: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fg3m-vhrr-8gj6. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's...
CVE-2026-32000
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-32000
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension tool execution that uses Windows shell fallback with shell: true after spawn failures. Attackers can inject shell metacharacters in command arguments to execute arbitrary commands when subproce...
CVE-2026-31995
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...