Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/05 1:35 p.m.11 views

UNIX Symbolic Link (Symlink) Following

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the repository path handling process. An attacker can access files outside the intended repository directory by submitting crafted symlink paths...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.8 views

CVE-2026-43570 OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote Marketplace Repository Path Handling

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 12:7 a.m.4 views

GHSA-5G3J-89FR-R2VP skilleton has improper input handling in repository/path processing

Summary skilleton versions prior to 0.3.1 include security-related weaknesses in repository normalization and path handling logic. Version 0.3.1 contains fixes and additional test coverage for these issues. Affected Versions =0.3.1 Impact In affected versions, crafted input could trigger unsafe o...

6.9CVSS5.8AI score
Exploits0References4
OpenVAS
OpenVAS
added 2026/03/02 12:0 a.m.1 views

Ubuntu: Security Advisory (USN-5376-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6AI score
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2024/09/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-6396

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated...

9.8CVSS5.9AI score0.53394EPSS
Exploits1References1
Rows per page
Query Builder