2 matches found
Server-side Request Forgery (SSRF)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the assertPublicHostname function in web-fetch.ts. An attacker can access internal resources or perform unauthorized network requests by sending craft...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via improper handling of user-supplied input in the sshNodeCommand and parseSSHTarget functions. An attacker can execute arbitrary commands on the local machine or a remote SSH host by supplying specially crafted proje...