GHSA-33hm-cq8r-wc49: Temporary path handling could write outside OpenClaw temp boundary
Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root.
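The difference between checking against host tmp and checking against the active sandbox root, as an added Node.js example. It is not OpenClaw's code or its fix, and every function name and directory in it is hypothetical. It assumes a host where the process may create directories and symlinks under `os.tmpdir()`.

```javascript
// Added illustration, not OpenClaw code; every name here is hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Canonicalise a path that may not exist yet: realpath the deepest existing
// ancestor (resolving symlinks), then re-append the missing tail.
function canonical(p) {
  let current = path.resolve(p);
  const tail = [];
  for (;;) {
    try {
      return path.join(fs.realpathSync(current), ...tail);
    } catch (err) {
      const parent = path.dirname(current);
      if (err.code !== "ENOENT" || parent === current) throw err;
      tail.unshift(path.basename(current));
      current = parent;
    }
  }
}

// True when canonical `child` is `parent` itself or lies beneath it.
function isWithin(parent, child) {
  const rel = path.relative(canonical(parent), canonical(child));
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Flawed pattern described in the advisory: anything under host tmp passes.
const acceptsLax = (c) => path.isAbsolute(c) && isWithin(os.tmpdir(), c);

// Hardened pattern: the path must resolve inside the active sandbox root.
const acceptsStrict = (root, c) => isWithin(root, path.resolve(root, c));

// Constructed fixture: two sandboxes under host tmp, plus a symlink escape.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ghsa-demo-"));
  const [active, other] = ["sandbox-a", "sandbox-b"].map((d) => path.join(base, d));
  [active, other].forEach((d) => fs.mkdirSync(d));
  fs.symlinkSync(other, path.join(active, "link"));
  const cases = {
    inside: path.join(active, "media", "a.png"),
    sibling: path.join(other, "a.png"),
    viaSymlink: path.join(active, "link", "a.png"),
  };
  const out = Object.fromEntries(Object.entries(cases).map(([name, p]) =>
    [name, { lax: acceptsLax(p), strict: acceptsStrict(active, p) }]));
  fs.rmSync(base, { recursive: true, force: true });
  return out;
}
```

`demo()` returns one entry per constructed path. The lax check accepts all three, while the strict check accepts only the path that resolves inside the active sandbox.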
References
- github.com/advisories/GHSA-33hm-cq8r-wc49
- github.com/openclaw/openclaw
- github.com/openclaw/openclaw/commit/79a7b3d22ef92e36a4031093d80a0acb0d82f351
- github.com/openclaw/openclaw/commit/d3da67c7a9b463edc1a9b1c1f7af107a34ca32f5
- github.com/openclaw/openclaw/commit/def993dbd843ff28f2b3bad5cc24603874ba9f1e
- github.com/openclaw/openclaw/security/advisories/GHSA-33hm-cq8r-wc49