2182 matches found
Heap-based Buffer Overflow
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
OpenClaw's system.run dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. With exactly four transparent dispatch wrappers such as repeated env invocations before /bin/sh -c, the approval classifier could stop treating the...
GHSA-R6QF-8968-WJ9Q OpenClaw: system.run wrapper-depth boundary could skip shell approval gating
OpenClaw's system.run dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. With exactly four transparent dispatch wrappers such as repeated env invocations before /bin/sh -c, the approval classifier could stop treating the...
GHSA-3H2Q-J2V4-6W5R OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...
OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...
[SECURITY] Fedora 42 Update: python-apt-3.1.0-1.fc42
python-apt is a wrapper to use features of APT from Python...
[SECURITY] Fedora 43 Update: python-apt-3.1.0-1.fc43
python-apt is a wrapper to use features of APT from Python...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run process. An attacker can execute unauthorized commands by bypassing allowlist restrictions through wrapper binaries such as env or shell-dispatc...
GHSA-JJ82-76V6-933R OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains
Summary system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers. This allowed wrapper-smuggled payloads for example env bash -lc ... to satisfy an allowlist entry for the wrapper while executing non-allowlisted...
Interpretation Conflict
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Interpretation Conflict through a mismatch in policy and runtime interpretation of wrapper commands using GNU env -S semantics. An attacker can execute unintended commands by injecting...
OpenClaw has exec allowlist/safeBins policy-runtime mismatch via env -S wrapper interpretation
Summary tools.exec allowlist/safe-bins evaluation could diverge from runtime execution for wrapper commands using GNU env -S/--split-string semantics. This allowed policy checks to treat a command as a benign safe-bin invocation while runtime executed a different payload. Affected Packages /...
GHSA-796M-2973-WC5Q OpenClaw has exec allowlist/safeBins policy-runtime mismatch via env -S wrapper interpretation
Summary tools.exec allowlist/safe-bins evaluation could diverge from runtime execution for wrapper commands using GNU env -S/--split-string semantics. This allowed policy checks to treat a command as a benign safe-bin invocation while runtime executed a different payload. Affected Packages /...
OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution
Summary In OpenClaw's macOS node-host path, system.run allowlist parsing in security=allowlist mode failed to reject command substitution tokens when they appeared inside double-quoted shell text. Because of that gap, payloads like echo "ok $id" could be treated as allowlist hits first executable...
Arbitrary Argument Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approve...
OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...
GHSA-6RCP-VXWF-3MFP OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text
Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through a mismatch in wrapper-depth parsing in system.run. An attacker can bypass approval gating by crafting nested transparent dispatch wrappers, allowing...
GHSA-CCG8-46R6-9QGJ OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...
OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode
Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...
OpenClaw has allowlist exec-guard bypass via env -S
Summary In allowlist mode, system.run guardrails could be bypassed through env -S, causing policy-analysis/runtime-execution mismatch for shell wrapper payloads. Severity Rationale Medium This issue is rated medium because it is a guardrail/policy bypass in OpenClaw's trusted-operator model, not ...