12990 matches found
fast-filesystem-mcp is vulnerable to command injection through handleGetDiskUsage function
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-5327 efforthye fast-filesystem-mcp index.ts handleGetDiskUsage command injection
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-5327
The CVE-2026-5327 vulnerability affects the project efforthye fast-filesystem-mcp up to version 3.5.1 , specifically the function handleGetDiskUsage in src/index.ts. The issue arises from a manipulation that enables remote command injection , with exploitation publicly released and a Proof-of-Con...
Combating Data Laundering in LLM Training
Data rights owners can detect unauthorized data use in large language model LLM training by querying with proprietary samples. Often, superior performance e.g., higher confidence or lower loss on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...
fast-filesystem-mcp 命令注入漏洞
fast-filesystem-mcp is a model context protocol server developed by Efforthye. Versions of fast-filesystem-mcp 3.5.1 and earlier contained a command injection vulnerability. This vulnerability originated from the handleGetDiskUsage function in the file src/index.ts, which allowed command injectio...
PT-2026-29924
Summary Rack::Multipart::Parserhandle mime head parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An...
GHSA-M5QP-6W8W-W647 AIOHTTP has a Multipart Header Size Bypass
Summary A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. Impact Multipart headers were not subject to the same size restrictions in place for normal headers, potentially allowing substantially more...
GHSA-HCC4-C3V8-RX92 AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
Summary An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. Impact If an application makes requests to a very large number of hosts, this could cause the DNS cache to continue growing and slowly use excessive amounts of memory. ----- Patch:...
AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
Summary An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. Impact If an application makes requests to a very large number of hosts, this could cause the DNS cache to continue growing and slowly use excessive amounts of memory. ----- Patch:...
EUVD-2026-18035
AIOHTTP Affected by Denial of Service DoS via Unbounded DNS Cache in TCPConnector...
CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-34513
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...
CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
UBUNTU-CVE-2026-22815
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
UBUNTU-CVE-2026-34513
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...
CVE-2026-34517
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...
CVE-2026-34516
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...
CVE-2026-22815
CVE-2026-22815 affects aiohttp (Python asyncio HTTP framework). Prior to version 3.13.4, insufficient restrictions in header/trailer handling could lead to unbounded memory growth; this was patched in 3.13.4. A Nessus/NVD-style CVE entry confirms the issue and the fix. Remediation: upgrade to aio...
CVE-2026-22815 AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...