9 matches found
CVE-2026-35651
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...
CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Version 2026.2.13 to 2026.3.24 of OpenClaw contained security vulnerabilities. These vulnerabilities were caused by ANSI escape sequence injections in the approval prompts, which could allow attackers to forge...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...
EUVD-2020-0232
Malware in sbrugna...
Amazon Linux 2023 : glycin-loaders (ALAS2023-2025-1193)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1193 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...
AZL-73211 CVE-2025-58160 affecting package kata-containers 3.19.1.kata2-6
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
UBUNTU-CVE-2025-58160
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
Vulnerability fixed in Splunk SOAR
Splunk has fixed a vulnerability in Splunk SOAR. The vulnerability allows an unauthenticated malicious person to inject inject ANSI escape code into a log file. To do so, the malicious party must send a specially prepared HTTP request to the Spunk SOAR instance. When this log file is read in a...