Vulnerability Information
Vulnerability Title
OpenClaw < 2026.3.22 - Supply Chain Redirection via Incomplete Host Environment Sanitization
Vulnerability Description
OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Permissive List of Allowed Inputs
Vulnerability Title
OpenClaw Security Vulnerability
Vulnerability Description
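OpenClaw is an open-source AI assistant from OpenClaw. OpenClaw versions before 2026.3.22 contain a security vulnerability that stems from incomplete host environment variable sanitization in host-env-security-policy.json and host-env-security.ts, which allows package-manager environment overrides. Attackers can use approved exec requests to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.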
CVSS Information
N/A
Vulnerability Type
N/A