GHSA-8cp7-rp8r-mg77: OpenClaw has SSRF guard bypass via IPv6 transition over ISATAP
OpenClaw’s SSRF hostname/IP guard did not detect ISATAP-embedded IPv4 addresses (...:5efe:w.x.y.z). A crafted URL containing an ISATAP IPv6 literal could embed a private IPv4 target (for example, loopback) and bypass private-address filtering in URL-fetching paths.
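One way a guard can close this gap is to decode the ISATAP interface identifier and run the embedded IPv4 address through the same private-range check as a plain IPv4 host. The sketch below is an added example, not OpenClaw's code or its actual fix; the function names are hypothetical, the inputs are constructed, and the private-range list is an illustrative subset.

```javascript
// Added example; function names are hypothetical, not OpenClaw's code.
// Expand an IPv6 literal ("::" and dotted-quad tail allowed) to 8 hextets, or null.
function expandIPv6(literal) {
  let s = literal.replace(/^\[|\]$/g, "").split("%")[0].toLowerCase();
  const tail = s.match(/(?<=:)(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (tail) {
    const o = tail.slice(1).map(Number);
    if (o.some((n) => n > 255)) return null;
    const hi = ((o[0] << 8) | o[1]).toString(16);
    const lo = ((o[2] << 8) | o[3]).toString(16);
    s = s.slice(0, tail.index) + hi + ":" + lo;
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const rest = halves[1] ? halves[1].split(":") : [];
  const gap = halves.length === 2 ? 8 - head.length - rest.length : 0;
  if (halves.length === 2 && gap < 1) return null;
  const groups = [...head, ...Array(gap).fill("0"), ...rest];
  if (groups.length !== 8) return null;
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// RFC 5214 ISATAP interface ID: 0000:5efe or 0200:5efe, then the IPv4 address.
function isatapEmbeddedIPv4(literal) {
  const h = expandIPv6(literal);
  if (!h || (h[4] !== 0x0000 && h[4] !== 0x0200) || h[5] !== 0x5efe) return null;
  return [h[6] >> 8, h[6] & 0xff, h[7] >> 8, h[7] & 0xff].join(".");
}

// Illustrative subset of non-public IPv4 ranges; a real guard covers more.
function isPrivateIPv4(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Treat an ISATAP literal as its embedded IPv4 address before range checks.
function isBlockedHost(host) {
  const bare = host.replace(/^\[|\]$/g, "");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(bare)) return isPrivateIPv4(bare);
  const embedded = isatapEmbeddedIPv4(bare);
  return embedded !== null && isPrivateIPv4(embedded);
}

// Constructed inputs: loopback in dotted and hex form, and a public address.
for (const h of ["[fe80::5efe:127.0.0.1]", "[2001:db8::5efe:7f00:1]", "[2001:db8::5efe:5db8:d822]"])
  console.log(h, "->", isatapEmbeddedIPv4(h), isBlockedHost(h));
```

The check runs on the parsed address rather than the URL string, so the dotted-quad and all-hex spellings of the same ISATAP literal get the same verdict.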