Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/08 9:10 p.m.7 views

Arbitrary Command Injection

Overview @idachev/mcp-javadc is a Model Context Protocol MCP server for Java decompilation Affected versions of this package are vulnerable to Arbitrary Command Injection via the HTTP Interface component when processing the jarFilePath argument. An attacker can execute arbitrary operating system...

7.5CVSS6.1AI score0.01651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31446

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

7.5CVSS5.6AI score0.01651EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

MCP Java Decompiler Server 操作系统命令注入漏洞

MCP Java Decompiler Server is a Java bytecode decompilation server developed by Ivan Dachev. Versions of MCP Java Decompiler Server 1.2.4 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the handling of the parameter jarFilePath in the...

7.5CVSS7.1AI score0.01651EPSS
Exploits0References6
OSV
OSV
added 2023/04/12 12:0 a.m.7 views

UBUNTU-CVE-2023-29538

Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

4.3CVSS6.2AI score0.00397EPSS
Exploits0References4
Rows per page
Query Builder