Summary
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
References
Related vulnerabilities
- LOW GHSA-9V8J-9C9G-W66C
OpenClaw: Bootstrap token replay could widen pending pairing scopes
- HIGH GHSA-5CJ2-3JR2-5H77
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- MEDIUM GHSA-GXG4-2RRR-JHC7
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
- CRITICAL GHSA-2JQ4-Q6VV-4CP3
Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
- CRITICAL GHSA-HXPF-9XVQ-WPH8
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
- MEDIUM GHSA-4JVG-4JFX-FMHC
opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token