3 matches found
NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
NPM: mcp-memory-keeper: Arbitrary local file read in contextimport via unvalidated filePath vulnerability discovered by ? in WordPress Npm mcp-memory-keeper versions 0.13.0...
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
Impact contextimport passed the caller-supplied filePath directly to fs.readFileSync with no path confinement. A malicious MCP client — or an LLM agent that is prompt-injected into calling the tool — could point filePath at any file readable by the server process, outside any session or export...
kernel: SUNRPC: fix a memleak in gss_import_v2_context
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gssimportv2context The ctx-mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error. Thus, this patch reform the...