3 matches found
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the agentCommand process when the senderIsOwner parameter is omitted, causing it to default to true. An attacker can gain unauthorized access to owner-only tool...
Authentication Bypass Using an Alternate Path or Channel
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the route classification process. An attacker can gain unauthorized access to protected API endpoints by submitting requests...
Arbitrary Argument Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approve...