GHSA-gp3q-wpq4-5c5h: OpenClaw: LINE group allowlist scope mismatch with DM pairing-store entries

March 12, 2026

In specific LINE configurations, sender IDs approved through DM pairing could also satisfy group allowlist checks when operators expected group sender access to be scoped only to explicit group allowlists.

References

github.com/advisories/GHSA-gp3q-wpq4-5c5h
github.com/openclaw/openclaw
github.com/openclaw/openclaw/commit/892a9c24b0f6118729ab5b5f5499b1a7e792dd15
github.com/openclaw/openclaw/commit/8bdda7a651c21e98faccdbbd73081e79cffe8be0
github.com/openclaw/openclaw/security/advisories/GHSA-gp3q-wpq4-5c5h

Code Behaviors & Features

Detect and mitigate GHSA-gp3q-wpq4-5c5h with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →