2 matches found
GHSA-QX8J-G322-QJ6M OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Impact fetchWithSsrFGuard replays unsafe request bodies across cross-origin redirects. A guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does n...
GHSA-VC32-H5MQ-453V OpenClaw: /allowlist omits owner-only enforcement for cross-channel allowlist writes
Impact /allowlist omits owner-only enforcement for cross-channel allowlist writes. An authorized non-owner sender could attempt allowlist writes against a different channel. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...