8 matches found
Path Traversal
github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...
CVE-2026-45224
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...
CVE-2026-45224
CVE-2026-45224 – Crabbox
Crabbox 路径遍历漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path resolution in the Islo provider’s workspace, allowing attackers to provide...
PT-2026-39730
Name of the Vulnerable Software and Affected Versions Crabbox versions prior to 0.9.0 Description A path traversal issue exists in the Islo provider's workspace path resolution. This allows attackers to use absolute or relative paths that resolve outside the intended '/workspace' directory. By...
SUSE CVE-2024-26846
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...