Not Failing Securely ('Failing Open')

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the VikingBot OpenAPI HTTP route when the apikey configuration value is unset or empty. An attacker can invoke privileged bot-control functionalit...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Not Failing Securely ('Failing Open')

Overview rack-session is a session implementation for Rack. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the Rack::Session::Cookie function when it is configured with the secrets: option. An attacker can gain unauthorized access or escalate privileges...

Not Failing Securely ('Failing Open')

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the verifyhash function in authlib/oidc/core/claims.py. An attacker can substitute an access token or authorization code undetect...

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...

Not Failing Securely ('Failing Open')

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the credential resolution process. An attacker can access unintended remote credentials by configuring local authentication SecretRefs that are...