Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...

org.apache.camel:camel-cxf (>=2.9.0 <=2.9.0-RC1), org.apache.camel:camel-example-cxf (>=2.9.0 <=2.9.0-RC1) +117 more potentially affected by CVE-2012-5575 via org.apache.cxf:cxf-rt-transports-http (>=2.5.0 <=2.5.1)

org.apache.cxf:cxf-rt-transports-http MAVEN version =2.5.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.5.0, =2.5.0, =2.5.0, =2.5.0, =2.5.1 and more Source cves: CVE-2012-5575 Source advisory: OSV:GHSA-7V5V-9V8R-W864...

com.feelercloud:esap-mesh (=2.0.32), com.github.arucard21.simplyrestful:simplyrestful-jetty (=0.5) +439 more potentially affected by CVE-2018-8039 via org.apache.cxf:cxf-rt-transports-http (>=3.2.0 <=3.2.4)

org.apache.cxf:cxf-rt-transports-http MAVEN version =3.2.0, =0.0.1, =1.0.3, =1.0.3, =1.0.0.RELEASE, =2.6.0, =2.0.0, =1.3.0-RELEASE, =2.0.1-RELEASE - de.alpharogroup:gen-db-core =0.9.3 - de.alpharogroup:gen-db-sources =0.9.3 and more Source cves: CVE-2018-8039 Source advisory: OSV:GHSA-JC7R-V6FG-2...