11 matches found
Envoy AI Proxy - MCP Message Smuggling Vulnerability
Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such differential causes a MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture. Accordi...
CVE-2026-5029
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...
Astra Linux - уязвимость в thrift
In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...
VulnCheck KEV: CVE-2021-26605
An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...
OESA-2021-1017 thrift security update
The Apache Thrift software framework for cross-language services development combines a software stack with a code generation engine to build services that work efficiently and seamlessly between C++, Java, Python, and other languages.\r\n\r\n Security Fixes:\r\n\r\n In Apache Thrift all versions...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
DEBIAN-CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
UBUNTU-CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data...
Apache Thrift Out-of-Bounds Read Vulnerability
Apache Thrift is an interface definition language and binary communication protocol for defining and creating services for multiple languages. Apache Thrift suffers from an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by invalidating input data to cause a panic...