
4 matches found

RedhatCVE
added 2025/11/19 12:11 a.m., 13 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. The vulnerability stems from the exposure of dangerous Python built-in functions __import__, getattr, hasattr in...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.00306
Exploits: 1 | References: 1
NVD
added 2025/11/18 4:15 p.m., 3 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. The vulnerability stems from the exposure of dangerous Python built-in functions __import__, getattr, hasattr in...

CVSS: 6.5 | EPSS: 0.00306
Exploits: 1 | References: 1
CVE
added 2025/11/18 12:00 a.m., 11 views

CVE-2025-63604

CVE-2025-63604 affects baryhuang/mcp-server-aws-resources-python 0.1.0. A code-injection flaw stems from insufficient input validation in the execute_query method, exposing dangerous built-ins (__import__, getattr, hasattr) in the execution namespace and using exec() to run user-supplied code. Attac...

CVSS: 6.5 | AI score: 8.3 | EPSS: 0.00306
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/18 12:00 a.m., 6 views

PT-2025-47332

Name of the Vulnerable Software and Affected Versions: baryhuang/mcp-server-aws-resources-python version 0.1.0

Description: A code injection issue exists due to insufficient input validation in the execute query method. This allows for remote code execution by exposing dangerous Python built-in...

CVSS: 6.5 | AI score: 8.3 | EPSS: 0.00306
Exploits: 1 | References: 5