GHSA-pg8g-f2hf-x82m
Severity: HIGH
Repository: openclaw/openclaw
Published: Apr 9, 2026, 12:31 AM
Ref: b4034b32c365c69db0d5ad7ff649bc9920842f40
Advisory summary
Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects
Curator analysis
Synopsis
Unsafe request bodies can be replayed by `fetchWithSsrFGuard` across cross-origin redirects, exposing body data and related headers to unintended origins.
Vulnerability classes
cross-origin redirect replay, request body replay, header retention
Sink hints
src/infra/net/fetch-guard.ts
`fetchWithSsrFGuard` is the named component in the advisory, and its redirect-following logic is where cross-origin 307/308 replay behavior would preserve or drop request method, body, and headers.
src/infra/net/redirect-headers.ts
`fetch-guard.ts` imports cross-origin redirect header filtering from this neighboring file, so header retention or stripping across redirect hops is likely implemented here.
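As an added illustration of the redirect-hop policy the sink hints describe (example code, not OpenClaw's `fetch-guard.ts` or `redirect-headers.ts`): a per-hop planner that keeps the 307/308 method and body only when the origin is unchanged, refuses to replay a body across origins, and strips credential-bearing headers whenever the origin changes. The `HopRequest`/`RedirectPlan` types and the `planRedirectHop` name are assumptions for illustration.

```typescript
// Added example, not OpenClaw's code: a per-hop redirect policy for a guarded fetch.
// Type and function names here are assumptions for illustration.
export interface HopRequest {
  url: string;
  method: string;
  headers: Record<string, string>;
  body?: string;
}

export type RedirectPlan =
  | { follow: true; crossOrigin: boolean; request: HopRequest }
  | { follow: false; reason: string };

// Credential-bearing headers that must not travel to a different origin.
const SENSITIVE_HEADERS = new Set(["authorization", "cookie", "proxy-authorization"]);
// Headers that describe a body and must go when the body is dropped.
const BODY_HEADERS = new Set(["content-type", "content-length", "content-encoding"]);

function sameOrigin(a: URL, b: URL): boolean {
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

export function planRedirectHop(req: HopRequest, status: number, location: string): RedirectPlan {
  const from = new URL(req.url);
  const to = new URL(location, from.href); // relative Location resolves against the current URL
  if (to.protocol !== "http:" && to.protocol !== "https:") {
    return { follow: false, reason: `unsupported scheme ${to.protocol}` };
  }
  const crossOrigin = !sameOrigin(from, to);
  let method = req.method;
  let body = req.body;
  if (status === 307 || status === 308) {
    // These statuses replay method and body; allow the replay only on the same origin.
    if (crossOrigin && body !== undefined) {
      return { follow: false, reason: `refusing to replay ${method} body to ${to.origin}` };
    }
  } else {
    // 301/302/303: conservative policy, the hop becomes a body-less GET (HEAD stays HEAD).
    if (method !== "HEAD") method = "GET";
    body = undefined;
  }
  const headers: Record<string, string> = {};
  for (const [name, value] of Object.entries(req.headers)) {
    const key = name.toLowerCase();
    if (crossOrigin && SENSITIVE_HEADERS.has(key)) continue;
    if (body === undefined && BODY_HEADERS.has(key)) continue;
    headers[name] = value;
  }
  return { follow: true, crossOrigin, request: { url: to.toString(), method, headers, body } };
}
```

A guarded fetch would call this once per hop and re-run its SSRF destination check on `request.url` before sending.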
Expected components
fetchWithSsrFGuard, cross-origin redirect handling, redirect header filtering
Model scores (5)

| Model | Status | Score | Target Alignment | Source To Sink Reasoning | Impact And Exploitability | Evidence Quality | Overclaim Control |
|---|---|---|---|---|---|---|---|
| openai/gpt-5.4 | partial | 72.00 | 20 | 22 | 14 | 9 | 7 |
| google/gemini-3.1-pro-preview | partial | 58.00 | 18 | 14 | 13 | 5 | 8 |
| z-ai/glm-5.1 | partial | 56.00 | 16 | 18 | 13 | 8 | 1 |
| anthropic/claude-opus-4.6 | partial | 51.50 | 60 | 40 | 60 | 55 | 40 |
| moonshotai/kimi-k2.5 | partial | 35.00 | 12 | 10 | 7 | 4 | 2 |