Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit b8794d3c8ab1 · 2026-02-27T21:55:52.000Z
GHSA-4685-c5cp-vp95 GHSA-5476-xc4j-rqcv
diff --git a/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json b/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4685-c5cp-vp95",
-  "modified": "2026-02-19T22:06:00Z",
+  "modified": "2026-02-27T21:54:41Z",
   "published": "2026-02-19T22:06:00Z",
   "aliases": [],
   "summary": "OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags",
-  "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.19`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f4aae5324daec261d3b0aad1461a4bc`\n\nThanks @nedlir for reporting.",
+  "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.18`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f067c89cb8f0a3684f619bc2b73d680`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/github-reviewed/2026/02/GHSA-5476-xc4j-rqcv/GHSA-5476-xc4j-rqcv.json b/advisories/github-reviewed/2026/02/GHSA-5476-xc4j-rqcv/GHSA-5476-xc4j-rqcv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5476-xc4j-rqcv",
-  "modified": "2026-02-25T18:35:23Z",
+  "modified": "2026-02-27T21:53:39Z",
   "published": "2026-02-25T18:35:23Z",
   "aliases": [
     "CVE-2026-27830"
@@ -40,13 +40,29 @@
       "type": "WEB",
       "url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27830"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e"
     },
     {
       "type": "PACKAGE",
       "url": "https://github.com/swaldman/c3p0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mchange.com/projects/c3p0/#security-note"
     }
   ],
   "database_specific": {
@@ -57,6 +73,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-25T18:35:23Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-26T01:16:24Z"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-4685-c5cp-vp95",`
`4`		`- "modified": "2026-02-19T22:06:00Z",`
	`4`	`+ "modified": "2026-02-27T21:54:41Z",`
`5`	`5`	`"published": "2026-02-19T22:06:00Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags",`
`8`		- "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.19`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f4aae5324daec261d3b0aad1461a4bc`\n\nThanks @nedlir for reporting.",
	`8`	+ "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.18`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f067c89cb8f0a3684f619bc2b73d680`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V3",`