Description
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.
EPSS: 0.0003 (percentile: 9%), Low
CVSS3: 6.5 Medium
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.5
github
2 days ago
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.