2 matches found
CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...
CVE-2025-69256
creationtimestamp| type| source ---|---|--- 2025-12-30 18:16:51+00:00| published-proof-of-concept| https://github.com/serverless/serverless/security/advisories/GHSA-rwc2-f344-q6w6 2025-12-30 19:16:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mba2t6ve4l2u 2025-12-30...