Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation
Vulnerability Description
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在可信数据中接受外来的不可信数据
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.24之前版本存在安全漏洞,该漏洞源于本地插件和钩子安装过程中存在任意代码执行漏洞,攻击者可通过制作包含git可执行文件覆盖的.npmrc文件,在npm install执行期间触发执行任意程序。
CVSS Information
N/A
Vulnerability Type
N/A