Summary
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
References
Related vulnerabilities
- HIGH GHSA-VRHC-3FR6-PC3C
Open WebUI: Forged chat-file link allows cross-user file read and deletion
- MEDIUM GHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement
- MEDIUM GHSA-72FW-CQH5-F324
OpenClaw: memory-wiki shared search could miss session visibility checks
- MEDIUM GHSA-FCVX-5CXC-V5P8
OpenClaw: Slack reaction events could ignore reaction notification settings
- HIGH GHSA-5CJ2-3JR2-5H77
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- HIGH GHSA-HJWC-26PJ-V3PM
AgenticMail: Cross-agent task authorization bypass in AgenticMail API