Lucene search
+L

3 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 5:37 p.m.11 views

OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/09 5:37 p.m.3 views

GHSA-QX8J-G322-QJ6M OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 12:31 a.m.1 views

GHSA-PG8G-F2HF-X82M Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...

7.1CVSS5.7AI score0.00239EPSS
Exploits0References4
Rows per page
Query Builder