Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 8203b6e36b49 · 2026-03-10T18:42:41.000Z
GHSA-qj77-c3c8-9c3q GHSA-v773-r54f-q32w GHSA-whrj-4476-wvmp GHSA-9c4h-pwmf-m6fj GHSA-v53h-f6m7-xcgm
diff --git a/advisories/github-reviewed/2026/02/GHSA-qj77-c3c8-9c3q/GHSA-qj77-c3c8-9c3q.json b/advisories/github-reviewed/2026/02/GHSA-qj77-c3c8-9c3q/GHSA-qj77-c3c8-9c3q.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qj77-c3c8-9c3q",
-  "modified": "2026-03-05T21:40:42Z",
+  "modified": "2026-03-10T18:41:42Z",
   "published": "2026-02-17T16:44:11Z",
   "aliases": [
     "CVE-2026-28391"
   ],
   "summary": "OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating",
   "details": "### Summary\n\nOn Windows nodes, exec requests were executed via `cmd.exe /d /s /c <rawCommand>`. In allowlist/approval-gated mode, the allowlist analysis did not model Windows `cmd.exe` parsing and metacharacter behavior. A crafted command string could cause `cmd.exe` to interpret additional operations (for example command chaining via `&`, or expansion via `%...%` / `!...!`) beyond what was allowlisted/approved.\n\n### Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected: `<= 2026.2.1`\n- Patched: `>= 2026.2.2`\n- Latest (npm) as of 2026-02-14: `2026.2.13`\n\n### Details\n\n- Default installs: Not affected unless you opt into exec allowlist/approval gating on Windows nodes.\n- Windows execution uses `cmd.exe` via `src/infra/node-shell.ts`.\n- The fix hardens Windows allowlist enforcement by:\n  - Passing the platform into allowlist analysis and rejecting Windows shell metacharacters.\n  - Treating `cmd.exe` invocation as not allowlist-safe on Windows.\n  - Avoiding `cmd.exe` entirely in allowlist mode by executing the parsed argv directly when possible.\n\n### Fix Commit(s)\n\n- `a7f4a53ce80c98ba1452eb90802d447fca9bf3d6`\n\nThanks @simecek for reporting.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
@@ -40,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qj77-c3c8-9c3q"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28391"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/a7f4a53ce80c98ba1452eb90802d447fca9bf3d6"
@@ -51,6 +59,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-command-injection-via-cmdexe-parsing-bypass-in-allowlist-enforcement"
     }
   ],
   "database_specific": {
@@ -60,6 +72,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-17T16:44:11Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:15Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json b/advisories/github-reviewed/2026/02/GHSA-v773-r54f-q32w/GHSA-v773-r54f-q32w.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v773-r54f-q32w",
-  "modified": "2026-03-05T21:41:05Z",
+  "modified": "2026-03-10T18:42:17Z",
   "published": "2026-02-18T00:51:03Z",
   "aliases": [
     "CVE-2026-28392"
@@ -12,6 +12,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -40,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v773-r54f-q32w"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28392"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/commit/f19eabee54c49e9a2e264b4965edf28a2f92e657"
@@ -51,15 +59,20 @@
     {
       "type": "WEB",
       "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.14"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-in-slack-slash-command-handler-via-direct-messages"
     }
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-285"
+      "CWE-285",
+      "CWE-863"
     ],
-    "severity": "MODERATE",
+    "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-18T00:51:03Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-05T22:16:15Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/02/GHSA-whrj-4476-wvmp/GHSA-whrj-4476-wvmp.json b/advisories/github-reviewed/2026/02/GHSA-whrj-4476-wvmp/GHSA-whrj-4476-wvmp.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-whrj-4476-wvmp",
-  "modified": "2026-02-24T16:06:42Z",
+  "modified": "2026-03-10T18:41:32Z",
   "published": "2026-02-17T18:46:35Z",
   "aliases": [
     "CVE-2026-25500"
   ],
   "summary": "Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href",
-  "details": "## Summary\n\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.\n\n## Details\n\n`Rack::Directory` renders directory entries using an HTML row template similar to:\n\n```html\n<a href='%s'>%s</a>\n```\n\nThe `%s` placeholder is populated directly with the file’s basename. If the basename begins with `javascript:`, the resulting HTML contains an executable JavaScript URL:\n\n```html\n<a href='javascript:alert(1)'>javascript:alert(1)</a>\n```\n\nBecause the value is inserted directly into the `href` attribute without scheme validation or normalization, browsers interpret it as a JavaScript URI. When a user clicks the link, the JavaScript executes in the origin of the Rack application.\n\n## Impact\n\nIf `Rack::Directory` is used to expose filesystem contents over HTTP, an attacker who can create or upload files within that directory may introduce a malicious filename beginning with `javascript:`.\n\nWhen a user visits the directory listing and clicks the entry, arbitrary JavaScript executes in the application's origin. Exploitation requires user interaction (clicking the malicious entry).\n\n## Mitigation\n\n* Update to a patched version of Rack in which `Rack::Directory` prefixes generated anchors with a relative path indicator (e.g. `./filename`).\n* Avoid exposing user-controlled directories via `Rack::Directory`.\n* Apply a strict Content Security Policy (CSP) to reduce impact of potential client-side execution issues.\n* Where feasible, restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.",
+  "details": "## Summary\n\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.\n\n## Details\n\n`Rack::Directory` renders directory entries using an HTML row template similar to:\n\n```html\n<a href='%s'>%s</a>\n```\n\nThe `%s` placeholder is populated directly with the file’s basename. If the basename begins with `javascript:`, the resulting HTML contains an executable JavaScript URL:\n\n```html\n<a href='javascript:alert(1)'>javascript:alert(1)</a>\n```\n\nBecause the value is inserted directly into the `href` attribute without scheme validation or normalization, browsers interpret it as a JavaScript URI. When a user clicks the link, the JavaScript executes in the origin of the Rack application.\n\n## Impact\n\nIf `Rack::Directory` is used to expose filesystem contents over HTTP, an attacker who can create or upload files within that directory may introduce a malicious filename beginning with `javascript:`.\n\nWhen a user visits the directory listing and clicks the entry, arbitrary JavaScript executes in the application's origin. Exploitation requires user interaction (clicking the malicious entry).\n\n## Mitigation\n\n* Update to a patched version of Rack in which `Rack::Directory` prefixes generated anchors with a relative path indicator (e.g. `./filename`).\n* Avoid exposing user-controlled directories via `Rack::Directory`.\n* Apply a strict Content Security Policy (CSP) to reduce impact of potential client-side execution issues.\n* Where feasible, restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.\n\nHackerOne profile:\nhttps://hackerone.com/thesmartshadow\n\nGitHub account owner:\nAli Firas (@thesmartshadow)",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/github-reviewed/2026/03/GHSA-9c4h-pwmf-m6fj/GHSA-9c4h-pwmf-m6fj.json b/advisories/github-reviewed/2026/03/GHSA-9c4h-pwmf-m6fj/GHSA-9c4h-pwmf-m6fj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9c4h-pwmf-m6fj",
-  "modified": "2026-03-10T01:19:29Z",
+  "modified": "2026-03-10T18:40:24Z",
   "published": "2026-03-10T01:19:29Z",
   "aliases": [
     "CVE-2026-30960"
@@ -40,13 +40,21 @@
       "type": "WEB",
       "url": "https://github.com/Apich-Organization/rssn/security/advisories/GHSA-9c4h-pwmf-m6fj"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30960"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/Apich-Organization/rssn"
     },
     {
       "type": "WEB",
       "url": "https://github.com/Apich-Organization/rssn/releases/tag/v0.2.9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0038.html"
     }
   ],
   "database_specific": {
@@ -61,6 +69,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-10T01:19:29Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-10T18:18:55Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-v53h-f6m7-xcgm/GHSA-v53h-f6m7-xcgm.json b/advisories/github-reviewed/2026/03/GHSA-v53h-f6m7-xcgm/GHSA-v53h-f6m7-xcgm.json
@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v53h-f6m7-xcgm",
-  "modified": "2026-03-07T02:32:27Z",
+  "modified": "2026-03-10T18:40:35Z",
   "published": "2026-03-07T02:32:27Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-31900"
+  ],
   "summary": "Black's vulnerable version parsing leads to RCE in GitHub Action",
   "details": "### Impact\n\nBlack provides a [GitHub action](https://black.readthedocs.io/en/stable/integrations/github_actions.html) for formatting code. This action supports an option, `use_pyproject: true`, for reading the version of Black to use from the repository `pyproject.toml`. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action.\n\n### Patches\n\nVersion 26.3.0 fixes this vulnerability by tightening the validation of the `version` field. Users who use the GitHub Action as `psf/black@stable` will automatically pick up this update.\n\n### Workarounds\n\nDo not use the `use_pyproject: true` option in the psf/black GitHub Action.",
   "severity": [
