4 matches found
Arbitrary Command Injection
Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...
PT-2026-31446
A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
MCP Java Decompiler Server 操作系统命令注入漏洞
MCP Java Decompiler Server is a Java bytecode decompilation server developed by Ivan Dachev. Versions of MCP Java Decompiler Server 1.2.4 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the handling of the parameter jarFilePath in the...
UBUNTU-CVE-2023-29538
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...