| Title | 8421bit MiniClaw 0 Path Traversal |
|---|---|
| Description | The `executeSkillScript` function is vulnerable to Path Traversal (CWE-22). The function constructs the script path from unsanitized user-controlled inputs (`skillName`, `scriptFile`) with `path.join()`, without validating that the final path stays within the allowed `SKILLS_DIR` directory. Attackers can use `../` sequences to access arbitrary files on the server filesystem. More details: https://github.com/8421bit/MiniClaw/issues/5 |
| Source | https://github.com/8421bit/MiniClaw/issues/5 |
| User | ybdesire (UID 83239) |
| Submission | 20/04/2026 12:54 PM (1 month ago) |
| Moderation | 07/05/2026 06:33 PM (17 days later) |
| Status | Accepted |
| VulDB entry | 361901 [8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f executeSkillScript src/kernel.ts isPathInside directory traversal] |
| Points | 20 |
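
The pattern named in the description, next to a containment check that rejects it, as an added example that is not MiniClaw's own code. The `SKILLS_DIR` value, the function names (`unsafeScriptPath`, `isInside`, `safeScriptPath`) and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not taken from the MiniClaw repository.
const path = require("node:path");

const SKILLS_DIR = "/srv/miniclaw/skills"; // constructed sample location

// Pattern from the description: untrusted parts are joined and the
// result is never checked against SKILLS_DIR.
function unsafeScriptPath(skillName, scriptFile) {
  return path.join(SKILLS_DIR, skillName, scriptFile);
}

// Lexical containment: true only when child is strictly below parent.
function isInside(parent, child) {
  const rel = path.relative(path.resolve(parent), path.resolve(child));
  return rel !== "" && rel !== ".." &&
    !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Hardened form: validate each component, resolve, then verify that the
// final path is still inside this skill's own directory.
function safeScriptPath(skillName, scriptFile) {
  for (const part of [skillName, scriptFile]) {
    if (typeof part !== "string" || part === "" || part.includes("\0")) {
      throw new Error("invalid path component");
    }
  }
  // A skill name must be one directory name, never a path.
  if (skillName !== path.basename(skillName) ||
      skillName === "." || skillName === "..") {
    throw new Error("invalid skill name");
  }
  const skillRoot = path.resolve(SKILLS_DIR, skillName);
  // path.resolve also exposes absolute scriptFile values, which
  // path.join would silently re-root under skillRoot.
  const candidate = path.resolve(skillRoot, scriptFile);
  if (!isInside(skillRoot, candidate)) {
    throw new Error("path escapes skill directory");
  }
  // This check is lexical only. If symlinks can exist under SKILLS_DIR,
  // compare fs.realpathSync() results before opening or executing.
  return candidate;
}
```
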