5 matches found
CVE-2026-44284
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...
EUVD-2026-28867
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...
actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow
Summary External input from github.event.issue.title is used unsafely in a shell command in .github/workflows/release-candidate.yaml, allowing command injection during workflow execution. Details In .github/workflows/release-candidate.yaml, the issue title is interpolated directly into a shell...
CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input...
CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input...