Summary
Heimdall: IP Spoofing via Unvalidated Forwarding Headers
References
Related vulnerabilities
- HIGH GHSA-CW4Q-GQG5-G38H: OpenClaw: Discord allowFrom could bind to mutable display names
- HIGH GHSA-8C59-HR4W-QG69: OpenClaw: Zalo allowFrom could bind to mutable display names
- MEDIUM GHSA-GXG4-2RRR-JHC7: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
- CRITICAL GHSA-GFJ5-979R-92PW: @acastellon/auth: Authentication bypass via spoofable headers in validateToken()
- MEDIUM GHSA-FJV8-J4P5-CR9M: Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
- LOW GHSA-3MP7-VP6J-2MXX: BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing