Summary
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
References
Related vulnerabilities
- HIGH GHSA-5JV7-2MJM-H6QJ
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
- HIGH GHSA-H2W2-V7J6-XQM4
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
- HIGH GHSA-VJV9-7M7J-H833
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
- MEDIUM GHSA-4HPG-MP64-X7XQ
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
- LOW GHSA-8J37-5W68-WJ2G
OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
- LOW GHSA-68XW-R643-9P5W
OpenClaw: Skill-command dispatch could skip before-tool-call hooks