4 matches found
Use of Weak Hash
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 in the process that generates sandbox identifier cache keys for Docker or browser sandbox configuration. An attacker can cause one configuration t...
Allocation of Resources Without Limits or Throttling
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the webfetch tool. An attacker can cause the application to exhaust system memory or become unresponsive by tricking a user or...
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error in the sessionslist, sessionshistory, and sessionssend tools. An attacker can access sensitive transcript content from peer sessions by exploiting insufficient...
Arbitrary Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...