August829

**Name of the Vulnerable Software and Affected Versions** opentelemetry-java versions prior to 1.62.0 **Description** A flaw in the baggage propagation implementation within `opentelemetry-api` and `opentelemetry-extension-trace-propagators` allows for unbounded memory allocation and CPU consumption when parsing oversized baggage. This occurs because the `W3CBaggagePropagator`, `JaegerPropagator`, and `OtTracePropator` did not enforce limits on the total size or entry count of the `baggage` header, iterating through values regardless of length. Since baggage is automatically re-injected into outgoing requests, the impact can spread to downstream services. The risk is increased in environments where transport-layer limits are absent, such as compromised internal services using non-HTTP or custom transports. **Recommendations** Update to version 1.62.0 or later. Ensure HTTP header size limits are configured at the server or gateway level.

**Name of the Vulnerable Software and Affected Versions** Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0.2 **Description** The `spring-cloud-config-server` module allows applications to serve arbitrary text and binary files. A malicious user can send a request using a specially crafted URL to perform a directory traversal attack, which is a technique used to access files and directories stored outside the intended folder. Additionally, a GCP secret leak has been identified. **Recommendations** Upgrade versions 3.1.0 through 3.1.13 to 3.1.14 or greater. Upgrade versions 4.1.0 through 4.1.9 to 4.1.10 or greater. Upgrade versions 4.2.0 through 4.2.6 to 4.2.7 or greater. Upgrade versions 4.3.0 through 4.3.2 to 4.3.3 or greater. Upgrade versions 5.0.0 through 5.0.2 to 5.0.3 or greater.

**Name of the Vulnerable Software and Affected Versions** Spring Cloud Config versions 3.1.0 through 3.1.13 Spring Cloud Config versions 4.1.0 through 4.1.9 Spring Cloud Config versions 4.2.0 through 4.2.6 Spring Cloud Config versions 4.3.0 through 4.3.2 Spring Cloud Config versions 5.0.0 through 5.0.2 **Description** The base directory `spring.cloud.config.server.git.basedir` used by the Spring Cloud Config Server to clone Git repositories is susceptible to time-of-check-time-of-use (TOCTOU) attacks. TOCTOU is a race condition where a system checks the state of a resource and then performs an action based on that state, but the resource is modified between the check and the action. **Recommendations** Upgrade versions 3.1.0 through 3.1.13 to 3.1.14 or greater. Upgrade versions 4.1.0 through 4.1.9 to 4.1.10 or greater. Upgrade versions 4.2.0 through 4.2.6 to 4.2.7 or greater. Upgrade versions 4.3.0 through 4.3.2 to 4.3.3 or greater. Upgrade versions 5.0.0 through 5.0.2 to 5.0.3 or greater.

**Name of the Vulnerable Software and Affected Versions** Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 **Description** Various `FilterExpressionConverter` implementations fail to properly escape keys and values when translating filter expression objects into specific vector store query languages. This improper escaping allows for query injection, which can enable attackers to alter vector store queries, potentially leading to data exposure and tampering. **Recommendations** Update versions 1.0.0 through 1.0.5 to 1.0.6. Update versions 1.1.0 through 1.1.4 to 1.1.5.

**Name of the Vulnerable Software and Affected Versions** Spring Boot versions 4.0.0 through 4.0.5 **Description** When configured to use an SSL bundle, the Elasticsearch auto-configuration fails to perform hostname verification during the connection to the Elasticsearch server. Hostname verification is a security process that ensures the server's certificate matches its actual hostname to prevent man-in-the-middle attacks. **Recommendations** Upgrade to version 4.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 **Description** The `encode()` function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (`charMap`) that reverses the safe percent-encoding of null bytes. While `encodeURIComponent('x00')` produces the safe sequence %00, the `charMap` entry '%00': 'x00' converts it back to a raw null byte. The primary impact is limited as the standard request flow is not affected. **Recommendations** Update to version 0.31.1. Update to version 1.15.1.

**Name of the Vulnerable Software and Affected Versions** Axios versions 1.0.0 through 1.15.1 **Description** Axios is a promise based HTTP client for the browser and Node.js. The library is susceptible to a Prototype Pollution Gadget attack. This occurs because the default transformResponse function calls JSON.parse(data, this.parseReviver), where `this` is the merged config object. Since `parseReviver` is not present in defaults, not validated by assertOptions, and lacks constraints, a polluted `Object.prototype.parseReviver` function is executed for every key-value pair in every JSON response. This allows an attacker to selectively modify individual values in JSON API responses, which can lead to privilege escalation, balance manipulation, and authorization bypass. **Recommendations** Update Axios to version 1.15.2.

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 0.31.1 Axios versions prior to 1.15.1 **Description** The XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the `withXSRFToken` config property. When this property is set to any truthy non-boolean value, the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets, including cross-origin servers controlled by an attacker. **Recommendations** Update to version 0.31.1 or later. Update to version 1.15.1 or later.

**Name of the Vulnerable Software and Affected Versions** Axios versions prior to 1.15.1 Axios versions prior to 0.31.1 **Description** The library is susceptible to a Prototype Pollution Gadget attack. This occurs because the `validateStatus` configuration property utilizes the mergeDirectKeys merge strategy, which employs the JavaScript in operator that traverses the prototype chain. If `Object.prototype.validateStatus` is polluted with `() => true`, all HTTP error responses (such as 401, 403, and 500) are treated as successful responses, effectively bypassing application-level authentication and error handling. **Recommendations** Update to version 1.15.1 or later. Update to version 0.31.1 or later.

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.9.5 **Description** The password change endpoint is susceptible to NoSQL injection, a technique where MongoDB query operators are injected into a database query. An authenticated attacker can use this to bypass the verification of the old password. This allows a user with a low-privileged session to change account passwords without knowing the current one, potentially leading to full account takeover and persistence. **Recommendations** Update to version 4.14.9.5.

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.9.5 **Description** The password-based login endpoint uses TypeScript type assertion without runtime validation. This allows an unauthenticated attacker to use a MongoDB query operator object, such as `{"$ne": ""}`, in the `password` field. This NoSQL injection—a technique where an attacker uses database-specific syntax to manipulate queries—bypasses authentication checks, enabling unauthorized access to any user account, including the root administrator. **Recommendations** Update to version 4.14.9.5.

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.9.5 **Description** FastGPT is an AI Agent building platform. The MCP (Model Context Protocol) tools endpoints `/api/core/app/mcpTools/getTools` and `/api/core/app/mcpTools/runTool` accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the URL points to an internal or private network address. The application has a dedicated `isInternalAddress()` function for SSRF protection, but this function is not called by the MCP tools endpoints. An authenticated attacker can use these endpoints to scan internal networks, access cloud metadata services, and interact with internal services such as MongoDB and Redis. The vulnerable parameters are the URL parameters used in the `/api/core/app/mcpTools/getTools` and `/api/core/app/mcpTools/runTool` API endpoints. **Recommendations** Versions prior to 4.14.9.5 should be updated to version 4.14.9.5 or later.

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.9.5 Description FastGPT is an AI Agent building platform. The HTTP tools testing endpoint ('/api/core/app/httpTools/runTool') was exposed without authentication in versions prior to 4.14.9.5. This endpoint functions as a full HTTP proxy, accepting a user-supplied `baseUrl`, `toolPath`, HTTP method, custom headers, and body, then making a server-side HTTP request and returning the complete response. This allows an unauthenticated attacker to potentially exfiltrate API tokens, access internal services, and send arbitrary HTTP requests. This issue enables a Server-Side Request Forgery (SSRF) condition, potentially leading to Remote Code Execution (RCE). Recommendations Update FastGPT to version 4.14.9.5 or later.

**Name of the Vulnerable Software and Affected Versions** GetSimple CMS (affected versions not specified) **Description** GetSimple CMS has a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed as of the time of publication. The vulnerability allows unauthorized access to arbitrary files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HAX CMS versions 11.0.6 through 24.x HAX CMS versions prior to 25.0.0 **Description** HAX CMS, which manages microsite universes with PHP or NodeJs backends, is subject to a stored cross-site scripting (XSS) issue. This flaw potentially allows for account takeover. The issue affects versions using PHP or NodeJs backends. Stored XSS occurs when malicious scripts are injected into a website and stored on the server, allowing them to be executed when other users visit the affected pages. **Recommendations** HAX CMS versions 11.0.6 through 24.x should be upgraded to version 25.0.0 or later. HAX CMS versions prior to 25.0.0 should be upgraded to version 25.0.0 or later.

Name of the Vulnerable Software and Affected Versions: mcp-neo4j version 0.3.0 Description: An issue was discovered that allows attackers to gain sensitive information or execute arbitrary commands via the SSE service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MariaDB MCP version 0.1.0 Description: An issue was discovered in the MariaDB MCP software where attackers can gain sensitive information via the SSE service due to a lack of user validation within the service. Recommendations: Ensure proper user validation is implemented within the SSE service to prevent unauthorized access to sensitive information.

Name of the Vulnerable Software and Affected Versions: 1panel version 2.0.8 Description: An OS Command injection issue exists in the `OperateSSH` function within 1panel. Attackers can execute arbitrary commands by manipulating the `operation` parameter of the `/api/v2/hosts/ssh/operate` API endpoint. Recommendations: As a temporary workaround, restrict access to the `/api/v2/hosts/ssh/operate` API endpoint to minimize the risk of exploitation. Consider disabling the `OperateSSH` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9 Description: A critical issue exists in HuangDou UTCMS version 9 related to SQL injection. The vulnerability affects the `RunSql` function within the `app/modules/ut-data/admin/mysql.php` file. Manipulation of the `sql` argument allows for SQL injection attacks, which can be initiated remotely. The exploit for this issue has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the `app/modules/ut-data/admin/mysql.php` file. Avoid using the `sql` parameter in the `RunSql` function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: litmusautomation litmus-mcp-server versions through 0.0.1 Description: An issue allows unauthorized attackers to control the target's MCP service through the SSE (Server-Sent Events) protocol. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.