Enviar #813768: FoundDream miniclawd 0 Command Injectioninformación

TítuloFoundDream miniclawd 0 Command Injection
DescripciónA critical command injection vulnerability exists in the which() method of SkillsLoader. The method directly concatenates unsanitized input from skill metadata requires.bins into a shell command executed via execSync(). The bins value is loaded from untrusted external SKILL.md files with no validation, sanitization, or escaping. An attacker who can create or modify a skill file can execute arbitrary system commands with the process's privileges. More details: https://github.com/FoundDream/miniclawd/issues/2
Fuente⚠️ https://github.com/FoundDream/miniclawd/issues/2
Usuario
 ybdesire (UID 83239)
Sumisión2026-04-27 04:33 (hace 1 mes)
Moderación2026-05-24 09:54 (27 days later)
EstadoAceptado
Entrada de VulDB365434 [FoundDream miniclawd hasta 2d65665046e2222eeea76cafc8570ed546a8c125 SkillsLoader skills-loader.ts which requires.bins escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!