17 matches found
CVE-2026-25905
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...
CVE-2026-25905
CVE-2026-25905 describes a lack of isolation between Python code executed by runPython/runPythonAsync and the surrounding JavaScript environment. This lets Python code access Pyodide APIs to modify the JS context, which could enable an attacker to hijack the MCP server and shadow MCP tooling. The...
CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...
PT-2026-7090
Name of the Vulnerable Software and Affected Versions MCP affected versions not specified Description The Python code executed by the 'runPython' or 'runPythonAsync' functions lacks isolation from other JavaScript code. This allows Python code to utilize Pyodide APIs to alter the JavaScript...
Linux Distros Unpatched Vulnerability : CVE-2023-26268
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document...
CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
BIT-COUCHDB-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
FreeBSD : couchdb -- information sharing via couchjs processes (fd47fcfe-ec69-4000-b9ce-e5e62102c1c7)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd47fcfe-ec69-4000-b9ce-e5e62102c1c7 advisory. - Design documents with matching document IDs, from databases on the same cluster, may share a mutable...
Code injection
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CVE-2023-39532
SES is a JavaScript environment with a confinement hole in guest compartments that can allow exfiltration or arbitrary code execution via dynamic import after a spread operator ({...import(...)}) in vulnerable versions (0.18.0–0.18.7, 0.17.0–0.17.1, 0.16.0–0.16.1, 0.15.0–0.15.24, 0.14.0–0.14.5, 0...
Apache CouchDB < 3.2.3 / 3.3.x < 3.3.2 Information Disclosure
According to its banner, the version of CouchDB running on the remote host is prior to 3.2.3 or 3.3.x prior to 3.3,2. It is, therefore, affected by an information disclosure vulnerability. Design documents with matching document IDs, from databases on the same cluster, may share a mutable...
CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
CVE-2023-26268
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
Code injection
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
CVE-2023-26268 Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes
Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...
Apache CouchDB 信息泄露漏洞
Apache CouchDB is the United States Apache Apache Foundation's use of Erlang development of a document-oriented database system. An information disclosure vulnerability exists in Apache CouchDB, which stems from the fact that design documents with matching document IDs from databases on the same...