GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB
Impact Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...