Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text · GHSA-w6f4-3v35-qjhj · GitHub Advisory Database · GitHub

Duplicate Advisory: OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Moderate severity GitHub Reviewed Published Mar 21, 2026 to the GitHub Advisory Database • Updated Mar 24, 2026

Withdrawn This advisory was withdrawn on Mar 24, 2026

0 Open 0 Closed

No open alerts for this advisory

Give feedback on Dependabot alerts