A command injection vulnerability exists in nextlevelbuilder GoClaw versions up to 3.11.3, specifically within the FsBridge.WriteFile function in internal/sandbox/fsbridge.go. The vulnerability is reachable through the write_file tool and allows remote attackers to execute arbitrary operating system commands. The issue has been publicly disclosed with an available exploit, and a fix pull request is pendin [truncated]
A low-severity improper authorization vulnerability in nextlevelbuilder GoClaw affects the auth function in internal/http/evolution_handlers.go through version 3.11.3. The vulnerability allows remote attackers to bypass authorization controls. The issue has been publicly disclosed and tagged as a bug by the project maintainers. The CVSS 4.0 vector indicates network attack vector with low attack complexity [truncated]
