Vulnerability Information
Vulnerability Title
OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Verification Bypass
Vulnerability Description
OpenClaw versions from 2026.3.22 up to, but not including, 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path: pairing challenges are issued before the event signature is validated. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts, consuming shared pairing capacity and triggering bounded relay and logging work on the Nostr channel.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Improper Verification of Cryptographic Signature
Vulnerability Title
OpenClaw Data Forgery Vulnerability
Vulnerability Description
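OpenClaw is an intelligent AI assistant open-sourced by OpenClaw. OpenClaw versions from 2026.3.22 up to, but not including, 2026.3.31 contain a data forgery vulnerability. The vulnerability stems from a signature verification bypass in the Nostr DM ingress path, which may allow an unauthenticated remote attacker to send forged direct messages to create pending pairing entries and trigger pairing-reply attempts, consuming shared pairing capacity and triggering bounded relay and logging work.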
CVSS Information
N/A
Vulnerability Type
N/A