12 matches found
CVE-2026-44970
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent it through dbtlabsvortex.producer.logproto without redaction,...
CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...
CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...
CVE-2026-44968
Summary: CVE-2026-44968 affects dbt-mcp (Model Context Protocol server). Prior to v1.17.1, _run_dbt_command() in src/dbt_mcp/dbt_cli/tools.py appended user-supplied MCP parameters to the dbt subprocess argv without validation. This enables argument-list injection via two vectors: (1) node_selecti...
Arbitrary Argument Injection
Overview dbt-mcp is an A MCP Model Context Protocol server for interacting with dbt resources. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the nodeselection or resourcetype parameters in the rundbtcommand process. An attacker can override configuration fil...
GHSA-XPWW-F6PM-CFHQ dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...
dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...
PT-2026-41148
Name of the Vulnerable Software and Affected Versions dbt-mcp version 1.15.1 Description The run dbt command function in src/dbt mcp/dbt cli/tools.py is susceptible to argument list injection. This occurs because user-supplied parameters are appended to the dbt subprocess argument list without...
Secret Sharing in 5G-MEC: Applicability for Joint Security and Dependability
Multi-access Edge Computing MEC, an enhancement of 5G, processes data closer to its generation point, reducing latency and network load. However, the distributed and edge-based nature of 5G-MEC presents privacy and security challenges, including data exposure risks. Ensuring efficient manipulatio...
SUSE-RU-2023:4334-1 Recommended update for slurm_23_02
This update for slurm2302 fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is...
SUSE-RU-2023:4332-1 Recommended update for slurm
This update for slurm fixes the following issues: - Updated to version 23.02.5 with the following changes: Bug Fixes: + Revert a change in 23.02 where SLURMNTASKS was no longer set in the job's environment when --ntasks-per-node was requested. The method that is is being set, however, is differen...
DEBIAN-CVE-2007-4099
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks...