
Commit 7fb5922

1 parent 33d0368 commit 7fb5922

4 files changed

Lines changed: 265 additions & 0 deletions


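--- /dev/null
+++ b/GHSA-6rmx-gvvg-vh6j.json
@@ -0,0 +1,67 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-6rmx-gvvg-vh6j",
+"modified": "2026-03-09T19:52:47Z",
+"published": "2026-03-09T19:52:47Z",
+"aliases": [],
+"summary": "OpenClaw's hooks count non-POST requests toward auth lockout",
+"details": "OpenClaw's hooks HTTP handler counted hook authentication failures before rejecting unsupported HTTP methods. An unauthenticated client could send repeated non-`POST` requests (for example `GET`) with an invalid token to consume the hook auth failure budget and trigger the temporary lockout window for that client key.\n\nThe fix moves the hook method gate ahead of auth-failure accounting so unsupported methods return `405 Method Not Allowed` without incrementing the hook auth limiter.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.2`\n- Patched version: `2026.3.7`\n- Latest published npm version at patch time: `2026.3.2`\n\n## Impact\n\nAn unauthenticated network client that could reach `/hooks/*` could temporarily lock out legitimate webhook delivery when requests collapsed to the same hook auth client key, such as shared proxy or NAT topologies. Impact is limited to temporary availability loss for hook-triggered wake or automation delivery.\n\n## Fix Commit(s)\n\n- `44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89`\n\n## Verification\n\n- `pnpm check` passed\n- `pnpm test:fast` passed\n- focused hook regression tests passed\n- `pnpm exec vitest run --config vitest.gateway.config.ts` still has unrelated current-`main` failures in `src/gateway/server-channels.test.ts` and `src/gateway/server-methods/agents-mutate.test.ts`\n\n## Release Process Note\n\nnpm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package.\n\nThanks @JNX03 for reporting.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "npm",
+"name": "openclaw"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2026.3.7"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 2026.3.2"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6rmx-gvvg-vh6j"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/commit/44820dceadac65ac7c0ce8fc0ffba8c2bd9fae89"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/openclaw/openclaw"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-307",
+"CWE-799"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2026-03-09T19:52:47Z",
+"nvd_published_at": null
+}
+}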
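Review bot: The Impact paragraph in `details` should state the residual exposure that remains after this fix, because by the record's own description only unsupported methods stop incrementing the limiter — a well-formed `POST` carrying an invalid token still consumes the failure budget, so an unauthenticated client sharing the same hook auth client key (the shared proxy/NAT case the advisory itself names) can still trigger the lockout. Suggest appending: `After the fix, repeated POST requests with an invalid token from the same client key still trigger the lockout by design; deployments that front the gateway with a shared proxy or NAT should confirm how the hook auth client key is derived for their topology.` How that key is derived (peer address versus a forwarded-client header) is not visible in this record, so that sentence is phrased as an operator check rather than a claim. The empty `aliases` array also means no CVE is attached yet, so consumers that filter on CVE identifiers will not see this entry until one is assigned.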
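--- /dev/null
+++ b/GHSA-j425-whc4-4jgc.json
@@ -0,0 +1,67 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-j425-whc4-4jgc",
+"modified": "2026-03-09T19:52:59Z",
+"published": "2026-03-09T19:52:59Z",
+"aliases": [],
+"summary": "OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots",
+"details": "### Summary\n`system.run` env override sanitization allowed dangerous override-only helper-command pivots to reach subprocesses. A caller who could invoke `system.run` with `env` overrides could bypass allowlist/approval intent by steering an allowlisted tool through helper-command or config-loading environment variables such as `GIT_SSH_COMMAND`, editor/pager hooks, and `GIT_CONFIG_*` / `NPM_CONFIG_*`.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published vulnerable version: `2026.3.2`\n- Affected range: `<= 2026.3.2`\n- Patched in: `2026.3.7`\n\n### Details\nBefore the fix, `src/infra/host-env-security.ts` blocked only a narrow set of override-only environment variables. Dangerous request-scoped overrides such as `GIT_SSH_COMMAND` and prefix families such as `GIT_CONFIG_*` and `NPM_CONFIG_*` could still survive `sanitizeSystemRunEnvOverrides(...)` / `sanitizeHostExecEnv(...)` and reach the spawned process.\n\nThat mattered for `system.run` allowlist and approval flows because approval evaluation was tied to the reviewed binary/argv, while the launched process could still inherit attacker-controlled env overrides that changed helper-command execution or config resolution. For allowlisted tools such as `git`, this allowed behavior outside the reviewed command semantics.\n\nThe fix extends the shared TypeScript and macOS policy to block dangerous override-only exact keys and prefixes while preserving trusted inherited base-environment behavior.\n\n### Impact\nThis is a real protection-bypass issue, but exploitation requires an already tool-enabled caller who can invoke `system.run` and supply `env` overrides. In affected deployments, that caller could bypass allowlist/approval intent and trigger helper-command execution or config-loading behavior that is not represented by the approved command line. Maintainer severity is set to medium because the bug still requires that existing execution capability; the vulnerability is the mismatch between reviewed command semantics and the actual spawned-process behavior.\n\n### Fix Commit(s)\n- `e27bbe4982439da6864160fd1b66445058f74801`\n\n### Release Process Note\nnpm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package.\n\nThanks @tdjackey and @SnailSploit for reporting.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "npm",
+"name": "openclaw"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2026.3.7"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 2026.3.2"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j425-whc4-4jgc"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/commit/e27bbe4982439da6864160fd1b66445058f74801"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/openclaw/openclaw"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-15",
+"CWE-639"
+],
+"severity": "MODERATE",
+"github_reviewed": true,
+"github_reviewed_at": "2026-03-09T19:52:59Z",
+"nvd_published_at": null
+}
+}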
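Review bot: The `details` text describes the fix as extending a denylist of `exact keys and prefixes` but never names the resulting blocked set, so a reader cannot judge coverage — environment-variable denylists are hard to make exhaustive, and the usual loader, interpreter and shell hooks (`LD_PRELOAD`, `DYLD_INSERT_LIBRARIES`, `NODE_OPTIONS`, `PYTHONPATH`, `BASH_ENV`, and `PATH` itself, which changes which binary an allowlisted command name resolves to) are not mentioned here one way or the other. Suggest adding to the Details section: `The blocked keys and prefixes after the fix are enumerated in src/infra/host-env-security.ts; because the policy is a denylist, env overrides on system.run should still be treated as privileged input and disabled where callers do not need them.` Whether the commit covers those examples is not visible in this record, so that is a question for the maintainers rather than a stated gap. The CWE pairing also reads oddly: `CWE-639` (authorization bypass through a user-controlled key) does not describe an environment-injection pivot, whereas `CWE-15` alone, or with `CWE-863`, would.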
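--- /dev/null
+++ b/GHSA-rchv-x836-w7xp.json
@@ -0,0 +1,66 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-rchv-x836-w7xp",
+"modified": "2026-03-09T19:52:29Z",
+"published": "2026-03-09T19:52:29Z",
+"aliases": [],
+"summary": "OpenClaw's dashboard leaked gateway auth material via browser URL/query and localStorage",
+"details": "OpenClaw's macOS Dashboard flow exposed Gateway authentication material to browser-controlled surfaces.\n\nBefore the fix, the macOS app appended the shared Gateway `token` and `password` to the Dashboard URL query string when opening the Control UI in the browser. The Control UI then imported the token and persisted it into browser `localStorage` under `openclaw.control.settings.v1`.\n\nThis expanded exposure of reusable Gateway admin credentials into browser address-bar/query surfaces and persistent script-readable storage.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Latest published version verified vulnerable: `2026.3.2`\n- Affected range: `<= 2026.3.2`\n- Patched version: `>= 2026.3.7`\n\n## Impact\n\nAn attacker with access to browser-controlled surfaces or persistent browser storage could recover a valid Gateway admin token and reuse it against the OpenClaw management interface.\n\nThe exposure chain was:\n\n1. macOS `Open Dashboard` constructed a URL with auth material.\n2. The browser received that credential-bearing URL.\n3. The Control UI imported the token from the URL.\n4. The Control UI persisted the token in `localStorage`.\n\n## Fix\n\nThe fix aligns the macOS Dashboard flow with the safer existing CLI/bootstrap pattern and removes persistent browser token storage:\n\n- macOS Dashboard now passes the Gateway token via URL fragment instead of query parameters.\n- macOS Dashboard no longer propagates the shared Gateway password into browser URLs.\n- Control UI keeps Gateway tokens in memory only for the current tab.\n- Control UI scrubs legacy persisted tokens from `openclaw.control.settings.v1` on load.\n- Regression tests cover fragment transport, password omission, and token-scrubbing behavior.\n\n## Fix Commit(s)\n\n- `10d0e3f3ca92326df0ca071fabffe463742f263c` (March 7, 2026)\n\n## Release Process Note\n\nnpm `2026.3.7` was published on March 8, 2026. This advisory is fixed in the released package.\n\nThanks @whiter6666 for reporting.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "npm",
+"name": "openclaw"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2026.3.7"
+}
+]
+}
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 2026.3.2"
+}
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rchv-x836-w7xp"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/commit/10d0e3f3ca92326df0ca071fabffe463742f263c"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/openclaw/openclaw"
+},
+{
+"type": "WEB",
+"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.7"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-200"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2026-03-09T19:52:29Z",
+"nvd_published_at": null
+}
+}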
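Review bot: The advisory gives no remediation beyond installing `2026.3.7`, yet on affected versions the token and password were written into the address bar, browser history and `localStorage`, and the on-load scrub of `openclaw.control.settings.v1` described in the Fix list only deletes the stored copy — it cannot revoke a credential already captured by an extension, a synced history store or another user of the machine. Suggest adding under Impact: `Operators who opened the Dashboard from the macOS app on an affected version should rotate the Gateway token and shared password after upgrading; the scrub on load does not invalidate previously exposed credentials.` Moving the token to the URL fragment keeps it out of `Referer` headers and server logs, but a fragment is still recorded in browser history unless the Control UI clears it after import (for example with `history.replaceState`); the record does not say whether it does, so that is worth confirming and stating in the Fix list. Note also that the `AV:L/UI:R` vector presumes the credential-bearing URL stays on the local machine; browser history sync would widen that.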
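--- /dev/null
+++ b/GHSA-x46r-mf5g-xpr6.json
@@ -0,0 +1,65 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-x46r-mf5g-xpr6",
+"modified": "2026-03-09T19:51:35Z",
+"published": "2026-03-09T19:51:35Z",
+"aliases": [
+"CVE-2026-30930"
+],
+"summary": "Glances has SQL Injection via Process Names in TimescaleDB Export",
+"details": "### Summary\n\nThe TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize() method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as process names, filesystem mount points, network interface names, or container names.\n\nRoot Cause: The normalize() function uses f\"'{value}'\" for string values without escaping single quotes within the value. The resulting strings are concatenated into INSERT queries via string formatting and executed directly with cur.execute() — no parameterized queries are used.\n\n#### Affected Code\n- _File: glances/exports/glances_timescaledb/__init__.py, lines 79-93 (normalize function)_\n```\ndef normalize(self, value):\n \"\"\"Normalize the value to be exportable to TimescaleDB.\"\"\"\n if value is None:\n return 'NULL'\n if isinstance(value, bool):\n return str(value).upper()\n if isinstance(value, (list, tuple)):\n # Special case for list of one boolean\n if len(value) == 1 and isinstance(value[0], bool):\n return str(value[0]).upper()\n return ', '.join([f\"'{v}'\" for v in value])\n if isinstance(value, str):\n return f\"'{value}'\" # <-- NO ESCAPING of single quotes within value\n\n return f\"{value}\"\n```\n\n- _File: glances/exports/glances_timescaledb/__init__.py, lines 201-205 (query construction)_\n```\n# Insert the data\ninsert_list = [f\"({','.join(i)})\" for i in values_list]\ninsert_query = f\"INSERT INTO {plugin} VALUES {','.join(insert_list)};\"\nlogger.debug(f\"Insert data into table: {insert_query}\")\ntry:\n cur.execute(insert_query) # <-- Direct execution of concatenated SQL\n```\n\n### PoC\n- As a normal user, create a process with the name containing the SQL Injection payload:\n```\nexec -a \"x'); COPY (SELECT version()) TO '/tmp/sqli_proof.txt' --\" python3 -c 'import time; [sum(range(500000)) or time.sleep(0.01) for _ in iter(int, 1)]'\n```\n- Start Glances with TimescaleDB export as root user:\n```\nglances --export timescaledb --export-process-filter \".*\" --time 5 --stdout cpu\n```\n- Observe that sqli_proof.txt is created in /tmp directory.\n\n### Impact\n\n- Data Destruction: DROP TABLE, DELETE, TRUNCATE operations against the TimescaleDB database.\n- Data Exfiltration: Using COPY ... TO or subqueries to extract data from other tables.\n- Potential RCE: Via PostgreSQL extensions like COPY ... PROGRAM which executes OS commands.\n- Privilege Escalation: Any local user who can create a process with a crafted name can inject SQL into the database, potentially compromising the entire PostgreSQL instance.",
+"severity": [
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "Glances"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "4.5.1"
+}
+]
+}
+]
+}
+],
+"references": [
+{
+"type": "WEB",
+"url": "https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6"
+},
+{
+"type": "WEB",
+"url": "https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/nicolargo/glances"
+},
+{
+"type": "WEB",
+"url": "https://github.com/nicolargo/glances/releases/tag/v4.5.1"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-89"
+],
+"severity": "HIGH",
+"github_reviewed": true,
+"github_reviewed_at": "2026-03-09T19:51:35Z",
+"nvd_published_at": null
+}
+}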
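Review bot: The Impact list should qualify the `COPY ... TO` and `COPY ... PROGRAM` outcomes by the export role's privileges — in PostgreSQL, writing server-side files or running programs through `COPY` requires superuser or membership in `pg_write_server_files` / `pg_execute_server_program`, so the PoC's file write and the `Potential RCE` bullet only hold when Glances connects with such a role, while DML/DDL against tables the role can touch remains reachable with ordinary privileges. Suggest adding: `File write and PROGRAM execution via COPY require the export role to be superuser or a member of pg_write_server_files / pg_execute_server_program; operators should run the exporter under a role restricted to INSERT on its own tables.` The `details` also stop at Impact without describing what `4.5.1` changes (parameterized values versus escaping of the `normalize()` output), which a consumer needs to judge whether the fix is complete; a short `### Fix` section pointing at the linked commit would close that gap. Since the root cause stated here is the absence of parameterization rather than one missing escape, the Fix section should say so explicitly, so that a quote-escaping-only patch is not read as sufficient.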
