Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/25 11:46 p.m.4 views

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization through the Feishu card-action callback process. An attacker can bypass intended policy restrictions by crafting a...

6.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 8:59 p.m.4 views

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization in the process that fetches quoted, root, or thread context messages, which bypasses the sender allowlist. An attacker ca...

5.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 9:41 p.m.3 views

Incorrect Authorization

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Incorrect Authorization via the channels.feishu.allowFrom process. An attacker can gain unauthorized access by setting a display name that collid...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 6:42 p.m.5 views

Directory Traversal

Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Directory Traversal via media.ts. An attacker can write arbitrary files outside the intended temporary directory by supplying crafted Feishu medi...

9.1CVSS6.2AI score0.00339EPSS
Exploits0References2
Rows per page
Query Builder