2 matches found
Access Control Bypass
Overview @executeautomation/database-server is a MCP server for interacting with SQLite and SQL Server databases by ExecuteAutomation Affected versions of this package are vulnerable to Access Control Bypass in the readquery tool. An attacker can gain unauthorized access to sensitive data and...
GHSA-65HM-PWJ5-73PW @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
The MCP Server provided by ExecuteAutomation at https://github.com/executeautomation/mcp-database-server provides an MCP interface for agentic workflows to interact with different kinds of database servers such as PostgreSQL database. However, the mcp-database-server MCP Server distributed via th...