2 matches found
GHSA-QP5J-JR73-M2PW Duplicate Advisory: Workspace .env npm_execpath could influence bundled runtime dependency install
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24vr-rprv-67rf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env...
CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath
OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...