Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/07 6:14 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the enforcement of pending pairing-request caps per channel rather than per account. An attacker can prevent new pairing or...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:10 p.m.4 views

Arbitrary File Upload

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary File Upload through the Tlon media downloads process. An attacker can exhaust disk resources by bypassing core size, count, and cleanup limits. Remediation Upgrade openclaw to...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:24 a.m.6 views

Use of Less Trusted Source

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Less Trusted Source in the diffs viewer process when proxied remote requests are incorrectly classified as loopback addresses if allowRemoteViewer is disabled. An attacker can gain...

6.3CVSS6AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:23 p.m.1 views

UNIX Symbolic Link (Symlink) Following

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the tar upload process. An attacker can overwrite arbitrary files on the remote host by uploading a tar archive containing symlinks that are follow...

8.1CVSS6.1AI score0.00533EPSS
Exploits0References3
Rows per page
Query Builder