Publish GHSA-4685-c5cp-vp95

advisory-database[bot] · advisory-database[bot] · commit a459e9b56f07 · 2026-03-16T19:48:11.000Z
diff --git a/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json b/advisories/github-reviewed/2026/02/GHSA-4685-c5cp-vp95/GHSA-4685-c5cp-vp95.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4685-c5cp-vp95",
-  "modified": "2026-02-27T21:54:41Z",
+  "modified": "2026-03-16T19:46:44Z",
   "published": "2026-02-19T22:06:00Z",
   "aliases": [],
   "summary": "OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags",
-  "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.18`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f067c89cb8f0a3684f619bc2b73d680`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
+  "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.19`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `2c05cbb43e48ebad03626d3125746fb1b9a8520f`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -43,7 +43,7 @@
     },
     {
       "type": "WEB",
-      "url": "https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc"
+      "url": "https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f"
     },
     {
       "type": "PACKAGE",

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-4685-c5cp-vp95",`
`4`		`- "modified": "2026-02-27T21:54:41Z",`
	`4`	`+ "modified": "2026-03-16T19:46:44Z",`
`5`	`5`	`"published": "2026-02-19T22:06:00Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags",`
`8`		- "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.18`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `cfe8457a0f067c89cb8f0a3684f619bc2b73d680`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
	`8`	+ "details": "## Summary\n`tools.exec.safeBins` could be bypassed for filesystem access when `sort` output flags (`-o` / `--output`) or recursive `grep` flags were allowed through safe-bin execution paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.2.17`\n- Patched versions: `>= 2026.2.19`\n- Latest published version at triage time: `2026.2.17`\n\n## Impact\nIn deployments that enabled `tools.exec.safeBins`, an attacker with access to command execution flows could turn intended stdin-only safe-bin usage into file writes (`sort -o`) or recursive file reads (`grep -R`).\n\n## Fix Commit(s)\n- `2c05cbb43e48ebad03626d3125746fb1b9a8520f`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)\n\nThanks @nedlir for reporting.",
`9`	`9`	`"severity": [`
`10`	`10`	`{`
`11`	`11`	`"type": "CVSS_V3",`
`@@ -43,7 +43,7 @@`
`43`	`43`	`},`
`44`	`44`	`{`
`45`	`45`	`"type": "WEB",`
`46`		`- "url": "https://github.com/openclaw/openclaw/commit/cfe8457a0f4aae5324daec261d3b0aad1461a4bc"`
	`46`	`+ "url": "https://github.com/openclaw/openclaw/commit/2c05cbb43e48ebad03626d3125746fb1b9a8520f"`
`47`	`47`	`},`
`48`	`48`	`{`
`49`	`49`	`"type": "PACKAGE",`