Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-56t4-p2fe-guhg
Summary
OpenClaw's owner-only gateway tool access checks were incomplete in specific authenticated DM flows
In authenticated non-owner DM sessions, a narrow tool-invocation path could reach broader-than-intended owner-only gateway actions.
Aliases
0
alias GHSA-2hm8-rqrm-xfjq
Fixed_packages
0
url pkg:npm/openclaw@2026.2.19
purl pkg:npm/openclaw@2026.2.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.19
Affected_packages
References
0
reference_url https://github.com/openclaw/openclaw
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openclaw/openclaw
1
reference_url https://github.com/openclaw/openclaw/commit/2777d8ad91ef1e8a7c6f5b4b18f8507be7d02914
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openclaw/openclaw/commit/2777d8ad91ef1e8a7c6f5b4b18f8507be7d02914
2
reference_url https://github.com/openclaw/openclaw/commit/3d7ad1cfca4daaa84cd553e843e0e08fa6201349
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openclaw/openclaw/commit/3d7ad1cfca4daaa84cd553e843e0e08fa6201349
3
reference_url https://github.com/openclaw/openclaw/commit/a40c10d3e24568b1e2947c104484be74bf66b8d2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openclaw/openclaw/commit/a40c10d3e24568b1e2947c104484be74bf66b8d2
4
reference_url https://github.com/advisories/GHSA-2hm8-rqrm-xfjq
reference_id GHSA-2hm8-rqrm-xfjq
reference_type
scores
url https://github.com/advisories/GHSA-2hm8-rqrm-xfjq
5
reference_url https://github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq
reference_id GHSA-2hm8-rqrm-xfjq
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openclaw/openclaw/security/advisories/GHSA-2hm8-rqrm-xfjq
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
1
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-56t4-p2fe-guhg