Message-ID: <20260704034840.GA588@openwall.com>
Date: Sat, 4 Jul 2026 05:48:40 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: xylove21 <xuy0515@...il.com>
Subject: Re: Wasm OCI Image Fetcher Bearer Realm SSRF Bypass

On Fri, Jul 03, 2026 at 08:35:57PM -0700, h wrote:
> From email headers on at least the first and last emails, and probably 
> the others:
> > X-Mailer: OpenClaw disclosure sender
> 
> I think it's safe to say that this is certainly an LLM, given that.

Thanks.  What does presence of this header guarantee in terms of lack of
human review?  May it be set on messages that passed human review?  If
not, it's tempting to block messages with that header from even reaching
the moderators.

I guess this also explains why messages are sent from a made-up address.

CC'ing another address for xylove21 now, maybe a real one.  I also
forwarded my previous reply to there.

Alexander
