2 matches found
Information Exposure
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure in the analysis of allowlisted commands containing unquoted heredocs. An attacker can cause unintended shell expansion by crafting a command that hides malicious code...
Access Control Bypass
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Access Control Bypass via the MCP loopback process. An attacker can gain unauthorized access to owner-gated operations by spoofing owner-context metadata in request headers. Remediation...