5 matches found
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing pre-allocation size checks in the base64 decoding process. An attacker can cause excessive memory allocation by providi...
Missing Support for Integrity Check
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Support for Integrity Check through the download process. An attacker can cause unauthorized or malicious plugin archives to be installed by providing tampered or unverified files...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the host-exec process. An attacker can execute arbitrary commands by injecting environment variables that influence interpreters, shells, or build tools. Remediation...
Insufficient Session Expiration
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration due to the resolvedAuth process becoming outdated after a configuration reload. An attacker can maintain unauthorized access by leveraging stale...
Exposure of Resource to Wrong Sphere
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of shared reply MEDIA references, where paths are treated as trusted. An attacker can cause unauthorized access to local files by...