Arbitrary Argument Injection

Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the nodeselection or resourcetype parameters in the rundbtcommand process. An attacker can override configuration fil...

GHSA-XPWW-F6PM-CFHQ dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

PT-2026-41148

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary run dbt command in src/dbt mcp/dbt cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...

Secret Sharing in 5G-MEC: Applicability for Joint Security and Dependability

Multi-access Edge Computing MEC, an enhancement of 5G, processes data closer to its generation point, reducing latency and network load. However, the distributed and edge-based nature of 5G-MEC presents privacy and security challenges, including data exposure risks. Ensuring efficient manipulatio...

SUSE-RU-2023:4334-1 Recommended update for slurm_23_02

This update for slurm2302 fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is...

SUSE-RU-2023:4332-1 Recommended update for slurm

This update for slurm fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is differen...

DEBIAN-CVE-2007-4099

Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks...