3 matches found
Replay Attack
Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...
Incorrect Authorization
Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the media download process. An attacker can trigger unauthorized network fetches and disk writes by sending crafted messages to Zalo channels, causing the...
Incorrect Authorization
Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging...