Lucene search
K

7 matches found

OSV
OSV
added 2026/04/09 12:31 a.m.1 views

GHSA-PG8G-F2HF-X82M Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...

7.1CVSS5.7AI score0.00239EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/09 12:31 a.m.16 views

EUVD-2026-20781

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/09 12:31 a.m.8 views

Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that...

7.1CVSS5.7AI score0.00239EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/08 10:16 p.m.5 views

CVE-2026-40037

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

7.1CVSS0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:35 p.m.1 views

CVE-2026-40037

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/08 9:35 p.m.3 views

CVE-2026-40037 OpenClaw < 2026.3.31 - Unsafe Request Body Replay via fetchWithSsrFGuard Cross-Origin Redirects

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31472

OpenClaw before 2026.3.31 patched in 2026.4.8 contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References5
Rows per page
Query Builder