4 matches found
Server-side Request Forgery (SSRF)
Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...
CVE-2023-49736
A wherein JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...
PT-2023-24757 · Snowflake · Snowflake Connector For Python
Name of the Vulnerable Software and Affected Versions: Snowflake Connector for Python versions prior to 3.0.2 Description: The issue concerns a command injection vulnerability via single sign-on SSO browser URL authentication. An attacker would need to establish a malicious resource and redirect...
CVE-2023-3099
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function deletefile in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...