|
|
Message-ID: <20260704034840.GA588@openwall.com> Date: Sat, 4 Jul 2026 05:48:40 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: xylove21 <xuy0515@...il.com> Subject: Re: Wasm OCI Image Fetcher Bearer Realm SSRF Bypass On Fri, Jul 03, 2026 at 08:35:57PM -0700, h wrote: > From email headers on at least the first and last emails, and probably > the others: > > X-Mailer: OpenClaw disclosure sender > > I think it's safe to say that this is certainly an LLM, given that. Thanks. What does presence of this header guarantee in terms of lack of human review? May it be set on messages that passed human review? If not, it's tempting to block messages with that header from even reaching the moderators. I guess this also explains why messages are sent from a made-up address. CC'ing another address for xylove21 now, maybe a real one. I also forwarded my previous reply to there. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.