2 matches found
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection in the tools.exec.safeBins process when a binary without an explicit safe-bin profile is added in allowlist mode. An attacker can execute arbitrary code by supplying...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via tools.exec.safeBins. An attacker can execute arbitrary commands by placing a malicious binary with the same name as a trusted binary in a PATH-derived directory...