[GHSA-4hmj-39m8-jwc7] OpenClaw has ACP CLI approval prompt ANSI escape sequence injection#7488
Hi there @steipete! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates the advisory metadata for GHSA-4hmj-39m8-jwc7, focusing on correcting CVSS information (notably the CVSS v4 vector string).
Changes:
- Fixes the CVSS:4.0 vector string formatting by removing an invalid trailing separator
- Removes the CVSS v3 severity entry from the advisory
- Updates the `modified` timestamp accordingly
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/" | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" | ||
| } | ||
| ], |
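Review bot: the CVSS_V3 object at the top of this severity array is not covered by the stated reason for the change ("CVSS:4.0 vector string was invalid"), and its metrics (AV:N, AC:L, PR:N, UI:R, I:L) agree with the CVSS_V4 vector below it, so nothing in the hunk justifies dropping it. Keep the CVSS_V3 entry and limit the change to removing the trailing `/` after `SA:N`, or state in the description why the v3 score is being removed.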
PR description says 'Updates CVSS v3' but this change removes the entire CVSS_V3 entry rather than updating it. Either restore/update the CVSS_V3 object in severity or update the PR description to reflect that CVSS v3 is being removed.
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/" | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" | ||
| } | ||
| ], |
| "severity": [ | |
| { | |
| "type": "CVSS_V3", | |
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | |
| }, | |
| { | |
| "type": "CVSS_V4", | |
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/" | |
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" | |
| } | |
| ], | |
| "severity": [ | |
| { | |
| "type": "CVSS_V3", | |
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" | |
| }, | |
| { | |
| "type": "CVSS_V4", | |
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" | |
| } | |
| ], |
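Review bot: the first block shows two "score" lines inside the CVSS_V4 object, so confirm that only the one ending in `SA:N` (no trailing `/`) remains in the merged file; a JSON object carrying two "score" keys is handled differently from one parser to the next. The second block, with the CVSS_V3 entry retained and a single CVSS_V4 score, is the smallest change that matches the stated fix and is the form to merge.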
Updates
Comments
CVSS:4.0 vector string was invalid.
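
A check of the kind that would flag the trailing separator before an advisory is published, added here as an example (not code from the advisory database or from OpenClaw). The function names are hypothetical, the two sample vectors are the ones shown in the diff above, and optional (threat, environmental, supplemental) metrics are checked for syntax only.

```python
import re

# CVSS v4.0 base metrics in the order the specification requires,
# each with its permitted single-letter values.
BASE_METRICS = [
    ("AV", "NALP"), ("AC", "LH"), ("AT", "NP"), ("PR", "NLH"), ("UI", "NPA"),
    ("VC", "HLN"), ("VI", "HLN"), ("VA", "HLN"),
    ("SC", "HLN"), ("SI", "HLN"), ("SA", "HLN"),
]
# Optional metrics after the base group: shape only, values are not validated.
EXTRA = re.compile(r"[A-Z]{1,3}:[A-Za-z]{1,5}")


def check_v4_vector(vector):
    """Return a list of problems; an empty list means the string is well-formed."""
    parts = vector.split("/")
    if parts[0] != "CVSS:4.0":
        return ["missing CVSS:4.0 prefix"]
    problems = []
    if parts[-1] == "":
        # The defect fixed in this PR: a separator with nothing after it.
        problems.append("trailing '/' separator")
        parts = parts[:-1]
    metrics = parts[1:]
    if len(metrics) < len(BASE_METRICS):
        problems.append("missing base metrics")
    for (name, allowed), item in zip(BASE_METRICS, metrics):
        key, _, value = item.partition(":")
        if key != name or len(value) != 1 or value not in allowed:
            problems.append(f"expected {name}:<one of {allowed}>, got {item!r}")
    for item in metrics[len(BASE_METRICS):]:
        if not EXTRA.fullmatch(item):
            problems.append(f"malformed optional metric {item!r}")
    return problems


def check_severity(advisory):
    """Map each CVSS_V4 score in an OSV-style 'severity' array to its problems."""
    return {e["score"]: check_v4_vector(e["score"])
            for e in advisory.get("severity", []) if e.get("type") == "CVSS_V4"}


if __name__ == "__main__":
    before = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/"
    after = before.rstrip("/")
    for v in (before, after):
        print(v, "->", check_v4_vector(v) or "ok")
```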