OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal

A logic flaw exists in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter checkPathConstraints is ever...

PT-2023-22234 · Unknown · Warpinator

Name of the Vulnerable Software and Affected Versions: Warpinator versions prior to 1.6.0 Description: The issue allows remote file deletion via directory traversal in top dir basenames. This could enable an attacker to delete arbitrary files on the recipient's computer. The vulnerability has bee...