2 matches found
OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...
GHSA-PJ5X-38RW-6FPH OpenClaw has a Command Injection via unescaped environment assignments in Windows Scheduled Task script generation
Summary A command injection vulnerability existed in Windows Scheduled Task script generation for OpenClaw. Environment values were written into gateway.cmd using unquoted set KEY=VALUE, which allowed Windows shell metacharacters in config-provided environment variables to break out of assignment...