14 matches found

CNNVD
added 2026/04/05 12:0 a.m. | 5 views

Magento 2 Development MCP Server OS Command Injection Vulnerability

Magento 2 Development MCP Server is an open-source AI assistant integrated tool developed by elgentos commerce & configurators for Magento 2. Versions of Magento 2 Development MCP Server prior to 1.0.2 contained a vulnerability related to operating system command injection. This vulnerability...

CVSS 5.3 | AI score 6 | EPSS 0.00103
Exploits: 0 | References: 9

RedhatCVE
added 2025/05/22 6:38 p.m. | 3 views

CVE-2021-33360

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...

CVSS 9.8 | AI score 7.8 | EPSS 0.00894
Exploits: 1

NVD
added 2024/07/01 4:15 p.m. | 25 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5 | EPSS 0.57486
Exploits: 3 | References: 2

Veracode
added 2023/11/06 6:13 a.m. | 9 views

Prototype Pollution

@clickbar/dot-diver is vulnerable to Prototype Pollution. The vulnerability is due to the getByPath and setByPath functions in index.ts not properly validating the type of the object being passed. This allows an attacker to potentially modify attributes like __proto__, constructor, and prototype by...

CVSS 9.8 | AI score 7.6 | EPSS 0.10201
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2023/01/04 10:6 a.m. | 20 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the index.ts file, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.4 | AI score 5.4 | EPSS 0.00302
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2022/09/26 3:50 a.m. | 20 views

Cross-site Scripting (XSS)

@netlify/ipx is vulnerable to cross-site scripting. The vulnerability exists in the createIPXHandler function in index.ts due to improper host validation, which allows an attacker to inject and execute malicious JavaScript via cache poisoning...

CVSS 6.1 | AI score 5.5 | EPSS 0.00179
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2022/07/26 5:9 a.m. | 18 views

Prototype Pollution

js-ini is vulnerable to prototype pollution. The vulnerability exists in the parse function in index.ts and parse.ts due to a lack of validation, which allows an attacker to send malicious INI files to the application and pollute the prototype...

CVSS 9.8 | AI score 8.7 | EPSS 0.00737
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2022/06/20 9:8 a.m. | 92 views

Open Redirect

got is vulnerable to open redirect. The vulnerability exists in the onResponseBase function in index.ts because redirects to UNIX sockets are enabled, which allows an attacker to redirect to malicious URLs...

CVSS 5.3 | AI score 6.4 | EPSS 0.0078
Exploits: 0 | References: 5 | Affected Software: 7

Veracode
added 2022/06/03 4:58 a.m. | 22 views

Regular Expression Denial Of Service (ReDoS)

devcert is vulnerable to regular expression denial of service. An attacker can crash the application by providing a malicious input to the certificateFor function of index.ts due to the insecure regex pattern used for VALIDIP and VALIDDOMAIN parameters...

CVSS 7.5 | AI score 7.2 | EPSS 0.0018
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2022/02/08 6:6 a.m. | 13 views

Improper Input Validation

frourio is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the class-validator function through the validators/ folder in the index.ts file, which allows an attacker to bypass security...

CVSS 8.8 | AI score 3.4 | EPSS 0.00377
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2022/01/13 7:5 a.m. | 13 views

Cross-site Scripting (XSS)

@keystone-6/auth is vulnerable to cross-site scripting. The vulnerability exists in the pageMiddleware function in index.ts as it does not properly set pathname, allowing an attacker to gain sensitive information by redirecting to malicious websites...

CVSS 6.1 | AI score 2.1 | EPSS 0.56131
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2021/02/08 5:15 p.m. | 7 views

CVE-2021-26541

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 9.8 | EPSS 0.12886
Exploits: 1 | References: 3

Prion
added 2021/02/08 5:15 p.m. | 11 views

Command injection

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 7.5 | AI score 9.7 | EPSS 0.12886
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2021/02/08 4:16 p.m. | 1 views

EUVD-2021-0771

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability...

CVSS 9.8 | AI score 9.7 | EPSS 0.12886
Exploits: 1 | References: 6