CVE-2026-7314

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

CVE-2026-7314 eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

CVE-2026-7314

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

CVE-2026-7314

The CVE-2026-7314 vulnerability affects eiceblue spire-doc-mcp-server 1.0.0. It targets the function get_doc_path in src/spire_doc_mcp/api/base.py, where manipulating the document_name argument enables path traversal. The issue can be exploited remotely; the public exploit is available, and the p...

CVE-2026-7314 eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

EUVD-2026-26151

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

Spire.Doc MCP Server 路径遍历漏洞

Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without using Microsoft Word. Version 1.0.0 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability arises from the operation of the...

PT-2026-35827

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get doc path of the file src/spire doc mcp/api/base.py. Performing a manipulation of the argument document name results in path traversal. The attack can be initiated remotely. The exploit is now public...

GHSA-GM8G-XHH8-RMWR Prototype Pollution in doc-path

This affects the package doc-path before 2.1.2...

@adeunis/codecs (>=1.3.0 <=1.4.0), @digifi-los/reactapp (>=0.0.1 <=0.1.2) +45 more potentially affected by CVE-2020-7772 via doc-path (>=1.0.7 <=2.1.0)

doc-path NPM version =1.0.7, =1.3.0, =0.0.1, =1.0.5, =0.0.2, =0.0.3-alpha.5, =0.0.3-alpha.5, =0.0.2, =0.0.3-alpha.9, =0.0.3-alpha.5, =0.0.3-alpha.13, =0.0.3-alpha.5, =0.0.3-alpha.10, =0.0.3-alpha.14, =0.0.3-alpha.18 - adeunis-codecs-lib3 =1.3.0 - adeunis-codecs-lib4 =1.3.0 and more Source cves:...

Prototype Pollution

doc-path is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

CVE-2020-7772

CVE-2020-7772 applies to the doc-path package (Node.js). Connected sources confirm a prototype pollution vulnerability affecting doc-path versions prior to 2.3.0 (initially noted as before 2.1.2). Mitigation: upgrade doc-path to 2.3.0 or higher. The issue enables pollution via object prototype mo...

@adeunis/codecs (>=1.3.0 <=1.4.0), @koalarx/utils (>=3.0.7 <=3.0.8) +5 more potentially affected by CVE-2020-7772 via doc-path (>=2.0.0 <=2.2.0)

doc-path NPM version =2.0.0, =1.3.0, =3.0.7, =1.0.5, =3.2.0, =1.1.4, =1.2.3 Source cves: CVE-2020-7772 Source advisory: SNYK:JS-DOCPATH-1011952...