2 matches found
OpenClaw Vulnerable to Local File Inclusion via MEDIA: Path Extraction
Summary The isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel. Detai...
CVE-2025-62187
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux media file pathnames are not necessarily relative to the media folder...