C2An1

**Name of the Vulnerable Software and Affected Versions** 5ire versions prior to 0.15.3 **Description** 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to execute arbitrary JavaScript code within the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs are accessible, potentially resulting in full compromise of the host system. The issue stems from an unsafe option parsing mechanism within the ECharts Markdown plugin. **Recommendations** Update to version 0.15.3 to address the issue.

**Name of the Vulnerable Software and Affected Versions** 5ire versions prior to 0.15.3 **Description** 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on* event attributes, to execute within the renderer context. An attacker can inject an `<img onerror=...>` payload to execute arbitrary JavaScript in the renderer. This JavaScript can call exposed bridge APIs, such as `window.bridge.mcpServersManager.createServer`, potentially leading to unauthorized creation of MCP servers and remote command execution. **Recommendations** Update to version 0.15.3 or later.

**Name of the Vulnerable Software and Affected Versions** LobeChat versions prior to 2.0.0-next.180 **Description** LobeChat is an open source chat application platform. A stored Cross-Site Scripting (XSS) issue exists in the Mermaid artifact renderer, enabling attackers to execute arbitrary JavaScript within the application. This XSS can be escalated to Remote Code Execution (RCE) by exploiting the exposed `electronAPI` IPC bridge, which allows attackers to run arbitrary system commands on a victim’s machine. The vulnerable component is the Mermaid artifact renderer. **Recommendations** Update to version 2.0.0-next.180 or later.

**Name of the Vulnerable Software and Affected Versions** MCPJam inspector versions prior to 1.4.3 **Description** MCPJam inspector, a local-first development platform for MCP servers, contains a flaw that allows remote code execution (RCE). The software by default listens on 0.0.0.0 instead of 127.0.0.1, making its HTTP APIs remotely reachable. An attacker can send a crafted HTTP request to the '/api/mcp/connect' endpoint, which extracts the `command` and `args` variables without security checks, triggering the installation of an MCP server and leading to arbitrary command execution without user interaction. **Recommendations** Update to version 1.4.3. Restrict access to the '/api/mcp/connect' endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 5ire versions 0.15.2 and prior **Description** 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A remote code execution issue exists in the `useMarkdown.ts` file due to the markdown-it-mermaid plugin being initialized with `securityLevel: 'loose'`. This configuration allows the rendering of HTML tags within Mermaid diagram nodes, potentially enabling arbitrary HTML and JavaScript execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dive versions prior to 0.11.1 **Description** Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) issue exists in the Mermaid diagram rendering component. The application permits the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit this to inject a malicious Model Context Protocol (MCP) server configuration, potentially leading to Remote Code Execution (RCE) on the victim's machine when a node is clicked. The vulnerable component allows for the injection of malicious code through the `javascript:` URI scheme. **Recommendations** Update to version 0.11.1 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** BentoML versions 1.3.8 through 1.4.2 **Description** A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in BentoML. It allows any unauthenticated user to execute arbitrary code on the server. The vulnerability exists due to an unsafe code segment in `serde.py`, which can be exploited by sending a malicious serialized pickle object in an HTTP request. This can lead to the execution of harmful actions during deserialization. **Recommendations** To resolve the issue, update to version 1.4.3 or later, as this version fixes the vulnerability. For versions 1.3.8 through 1.4.2, update to version 1.4.3 as soon as possible to mitigate the RCE vulnerability. As a temporary workaround, consider restricting access to the vulnerable `serde.py` module to minimize the risk of exploitation.