fix(lobster): block arbitrary exec via lobsterPath/cwd (GHSA-4mhr-g7xj-cg8j) (#5335)

* fix(lobster): prevent arbitrary exec via lobsterPath/cwd

* fix(lobster): harden lobsterPath errors + normalize cwd sandboxing

* fix(lobster): ignore tool-provided lobsterPath; validate + use plugin config

* fix(lobster): use plugin config lobsterPath + add tests (#5335) (thanks @vignesh07)

* fix(lobster): make Windows spawn fallback handle ENOENT (#5335) (thanks @vignesh07)

---------

Co-authored-by: Tyler Yust <TYTYYUST@YAHOO.COM>
Vignesh
2026-01-31 12:46:20 -08:00
committed by GitHub
parent 34e2425b4d
commit 1295b67057
3 changed files with 226 additions and 45 deletions
@@ -9,6 +9,7 @@ Docs: https://docs.openclaw.ai
### Fixes
- Telegram: restore draft streaming partials. (#5543) Thanks @obviyus.
- fix(lobster): block arbitrary exec via lobsterPath/cwd injection (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.
## 2026.1.30
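Review bot: the added changelog entry (`- fix(lobster): block arbitrary exec via lobsterPath/cwd injection ...`) does not tell an upgrading user what behaviour changed. The commit message says tool-provided `lobsterPath` is now ignored, the value is validated and taken from plugin config, and `cwd` sandboxing is normalized. Anyone who relied on passing `lobsterPath` per call needs that stated next to the advisory ID. The entry also keeps the conventional-commit prefix `fix(lobster):`, while the entry directly above it uses the component style (`Telegram: ...`). Suggest something like `- Lobster: ignore tool-provided lobsterPath (use validated plugin config) and sandbox cwd to block arbitrary exec (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.`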