Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/04 8:21 p.m.10 views

Server-side Request Forgery (SSRF)

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the sendPhoto process. An attacker can cause unauthorized requests to internal or external resources by supplying a crafted outbound photo URL th...

8.6CVSS5.8AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 8:59 p.m.4 views

Replay Attack

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

5.4CVSS5.8AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 4:54 p.m.7 views

Incorrect Authorization

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the media download process. An attacker can trigger unauthorized network fetches and disk writes by sending crafted messages to Zalo channels, causing the...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 6:56 p.m.4 views

Incorrect Authorization

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging...

8.1CVSS5.8AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 11:18 p.m.2 views

Incorrect Authorization

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the GROUP message dispatch process. An attacker can gain unauthorized access to restricted group message handling by sending GROUP messages from a sender not...

5.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder