@squawk/mcp (>=0.4.1 <=0.6.0) potentially affected by unknown CVE via @squawk/weather (>=0.3.4 <=0.4.1)

@squawk/weather NPM version =0.3.4, =0.4.1, =0.6.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKWEATHER-16640874...

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...

CVE-2022-28780

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information...

CVE-2025-1077

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products NAMIS, Aero Weather, Satellite Weather. The vulnerability is present in the Product Delivery Service PDS component in specific server configurations where the PDS pipeline utilizes the...

PT-2023-22916 · Weather · Weather

Name of the Vulnerable Software and Affected Versions: Weather versions prior to SMR Sep-2023 Release 1 Description: The issue allows attackers to access location information set in Weather without permission due to an improper access control vulnerability. Recommendations: For versions prior to...

The vulnerability of the fly-weather software package for the Astra Linux operating system, related to a validation error in the input data received from web servers, allows attackers to perform spoofing attacks.

The vulnerability of the fly-weather software package for the Astra Linux operating system is related to a validation error in the input data received from web servers. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

CVE-2008-5771

Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter...