2 matches found
Incorrect Permission Assignment for Critical Resource
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the uploadfile or uploadimage process. An attacker can access files outside the intended workspace directory by uploading special...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the IsSensitivePathp string bool path check in kernel/util/path.go. An attacker can copy and then read files outside the workspace, including data under /opt, /usr, and others, by abusing the globalCopyFiles...