GHSA-37v6-fxx8-xjmx.yaml
 1  info:
 2    name: OpenClaw
 3    cve: GHSA-37v6-fxx8-xjmx
 4    summary: OpenClaw Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
 5    details: >-
 6      Summary
 7  
 8      Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding
 9  
10  
11      Current Maintainer Triage
12  
13      - Status: narrow
14  
15      - Normalized severity: low
16  
17      - Assessment: Shipped v2026.3.28 replay hashing treated equivalent Telnyx Base64/Base64URL signatures as distinct requests,
18      but signature verification still held, so lower to low.
19  
20  
21      Affected Packages / Versions
22  
23      - Package: openclaw (npm)
24  
25      - Latest published npm version: 2026.3.31
26  
27      - Vulnerable version range: <=2026.3.28
28  
29      - Patched versions: >= 2026.3.31
30  
31      - First stable tag containing the fix: v2026.3.31
32    cvss: ''
33    severity: LOW
34    security_advise: Upgrade openclaw to >= 2026.3.31 or later. Commit(s) - ad77666054651c1fd77b1dc60fd6a8db6600a29a — 2026-03-30T20:01:43+01:00
35    references:
36    - https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx
37  rule: version <= "2026.3.28"
38  references:
39  - https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx