2 matches found
GHSA-CJV3-M589-V3RX OpenClaw has Canvas route hardening for mixed-trust deployments
Summary This advisory tracks a defense-in-depth hardening for canvas routes. In mixed-trust or network-visible deployments, prior canvas auth/fallback behavior could broaden access beyond intended boundaries. Deployment Context OpenClaw’s default model is trusted host + loopback-first access. Som...
Improper Restriction of Rendered UI Layers or Frames
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames in the canvas route authorization process. An attacker can gain unauthorized access to restricted routes by exploiting insufficient...