Lucene search

9 matches found

OSV
added 2025/12/13 6:30 p.m. | 1 view

GHSA-75MJ-4G74-9RG2 Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00048
Exploits 0 | References 4

Cvelist
added 2025/12/13 9:59 a.m. | 20 views

CVE-2025-14542 Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

CVSS 7.5 | EPSS 0.00048
Exploits 0 | References 2

CNNVD
added 2025/12/13 12:00 a.m. | 1 view

Universal Tool Calling Protocol security vulnerability

Universal Tool Calling Protocol is an official Python implementation library for UTCP from the open-source Universal Tool Calling Protocol project. A security vulnerability exists in Universal Tool Calling Protocol that originates when a client obtains the JSON specification of a tool from a remote Manual...

CVSS 7.5 | AI score 6.6 | EPSS 0.00048
Exploits 0 | References 3

OSV
added 2024/06/07 9:52 p.m. | 12 views

GHSA-VVM3-RV48-J3G5 Zendframework Potential XSS or HTML Injection vector in Zend_Json

ZendJsonEncoder was not taking into account the solidus character / during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string...

CVSS 6.1 | AI score 6.3
Exploits 0 | References 3

Fedora
added 2024/03/07 10:33 p.m. | 21 views

[SECURITY] Fedora 40 Update: json_simple-1.1.1-34.fc40

JSON.simple is a simple Java toolkit for JSON. You can use JSON.simple to encode or decode JSON text. Full compliance with JSON specification RFC4627 and reliable. Provides multiple functionalities such as encode, decode/parse and escape JSON text while keeping the library lightweight. Flexible,...

CVSS 8.8 | AI score 7 | EPSS 0.46427
Exploits 3

OpenVAS
added 2020/05/06 12:00 a.m. | 23 views

Fedora: Security Advisory for rubygem-json (FEDORA-2020-d171bf636d)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 6.9 | EPSS 0.05892
Exploits 0 | References 2

OpenVAS
added 2013/03/08 12:00 a.m. | 34 views

Fedora Update for rubygem-json FEDORA-2013-3052

Check for the Version of rubygem-json OpenVAS Vulnerability Test Fedora Update for rubygem-json FEDORA-2013-3052 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 7.5 | AI score 7 | EPSS 0.17317
Exploits 0 | References 2

OpenVAS
added 2013/03/08 12:00 a.m. | 30 views

Fedora Update for rubygem-json FEDORA-2013-3050

Check for the Version of rubygem-json OpenVAS Vulnerability Test Fedora Update for rubygem-json FEDORA-2013-3050 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 7.5 | AI score 7 | EPSS 0.17317
Exploits 0 | References 2

Fedora
added 2013/03/05 11:33 p.m. | 27 views

[SECURITY] Fedora 17 Update: rubygem-json-1.6.8-1.fc17

This is an implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

CVSS 7.5 | AI score 1.8 | EPSS 0.17317
Exploits 0