2 matches found
GHSA-V8CG-4474-49V8 OpenClaw: Slack system events bypass sender authorization in member and message subtype handlers
Summary Slack member and message subtype system events messagechanged, messagedeleted, threadbroadcast were not consistently enforcing sender authorization before enqueueing system events. Affected Packages / Versions - Package: openclaw npm - Latest published version: 2026.2.25 - Affected range:...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the handling of Slack system events in members.ts and messages.ts due to missing sender authorization checks before enqueueing events. An attacker can gain...