2 matches found
Use of Less Trusted Source
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Less Trusted Source in the diffs viewer process when proxied remote requests are incorrectly classified as loopback addresses if allowRemoteViewer is disabled. An attacker can gain...
UNIX Symbolic Link (Symlink) Following
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the tar upload process. An attacker can overwrite arbitrary files on the remote host by uploading a tar archive containing symlinks that are follow...