2 matches found
Permissive Cross-domain Policy with Untrusted Domains
Overview @yoda.digital/gitlab-mcp-server is a GitLab MCP Server - A Model Context Protocol server for GitLab integration Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the SSE HTTP transport when USESSE=true is set, which lacks...
CVE-2026-5190 AWS C Event Stream Streaming Decoder Stack Buffer Overflow
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...