11 matches found
GO-2026-5079 Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution in github.com/openclaw/crabbox
Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution in github.com/openclaw/crabbox...
Path Traversal
github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...
GHSA-3CJV-H753-QF7H Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
EUVD-2026-29198
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the workspace path resolution in the Islo provider. An attacker can cause arbitrary file deletion or overwrite by supplying a crafted configuration file containing traversal sequences, which are processed without...
CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224
CVE-2026-45224 – Crabbox
Crabbox 路径遍历漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path resolution in the Islo provider’s workspace, allowing attackers to provide...
PT-2026-39730
Name of the Vulnerable Software and Affected Versions Crabbox versions prior to 0.9.0 Description A path traversal issue exists in the Islo provider's workspace path resolution. This allows attackers to use absolute or relative paths that resolve outside the intended '/workspace' directory. By...