GHSA-3h2q-j2v4-6w5r: OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers
OpenClaw’s system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers.
In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv analysis instead of the normal shell-wrapper approval path. This could allow a PowerShell inline payload to execute without the approval step that equivalent -Command invocations would require.
Latest published npm version: 2026.3.2
Fixed on main on March 7, 2026 in 1d1757b16f48f1a93cd16ab0ad7e2c3c63ce727d by recognizing PowerShell encoded-command aliases during shell-wrapper parsing, so allowlist mode continues to require approval for those payloads. Normal approved PowerShell wrapper flows continue to work.
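An added illustration, not OpenClaw's own code, of the gap the advisory describes and the shape of the fix: a wrapper classifier for a system.run-style allowlist that recognizes only the -Command family in its vulnerable configuration and the encoded-command aliases (-EncodedCommand, -enc, -e) in its fixed configuration. Function names, the allowlist shape and the Node `Buffer` decoding are assumptions.

```javascript
// Example (not OpenClaw's code): classify PowerShell invocations so that
// inline payloads, encoded or not, reach the approval step in allowlist mode.
const PS_BINARIES = new Set(["pwsh", "powershell", "pwsh.exe", "powershell.exe"]);

// The vulnerable variant knew only the -Command family; the fixed variant adds
// the encoded-command aliases named in the advisory. PowerShell matches
// parameter names case-insensitively, so flags are lower-cased before lookup.
const COMMAND_FLAGS = new Set(["-command", "-c"]);
const ENCODED_FLAGS = new Set(["-encodedcommand", "-enc", "-e"]);

function baseName(p) {
  return p.split(/[\\/]/).pop().toLowerCase();
}

// -EncodedCommand carries base64 of a UTF-16LE script; decode it so the
// approver reviews the script itself rather than an opaque blob.
function decodeEncodedCommand(b64) {
  return Buffer.from(b64, "base64").toString("utf16le");
}

// Returns null when argv is not a PowerShell inline-command wrapper (caller then
// falls through to plain argv analysis); otherwise describes the wrapper.
// recognizeEncoded=false reproduces the pre-fix behaviour.
function classifyPowerShellWrapper(argv, { recognizeEncoded = true } = {}) {
  if (argv.length === 0 || !PS_BINARIES.has(baseName(argv[0]))) return null;
  for (let i = 1; i < argv.length - 1; i++) {
    const flag = argv[i].toLowerCase();
    if (COMMAND_FLAGS.has(flag)) {
      return { kind: "command", script: argv.slice(i + 1).join(" ") };
    }
    if (recognizeEncoded && ENCODED_FLAGS.has(flag)) {
      return { kind: "encoded", script: decodeEncodedCommand(argv[i + 1]) };
    }
  }
  return null;
}

// Allowlist decision (assumed policy): any inline wrapper requires approval;
// otherwise only the binary name is checked against the allowlist.
function requiresApproval(argv, allowlist, opts) {
  if (classifyPowerShellWrapper(argv, opts)) return true;
  return !allowlist.has(baseName(argv[0] ?? ""));
}

module.exports = { classifyPowerShellWrapper, requiresApproval, decodeEncodedCommand };
```

With `pwsh` on the allowlist, the pre-fix configuration lets an `-enc` invocation through without approval while the fixed one routes it to approval exactly as `-Command` is.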