H3Rrr

**Name of the Vulnerable Software and Affected Versions** Cherry Studio versions 1.7.0-alpha.4 and earlier **Description** Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, `cherrystudio://`, and when handling MCP installation URLs, it parses base64-encoded configuration data and directly executes the command within it. Specifically, the `handleMcpProtocolUrl` function in `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts` processes URLs of the `cherrystudio://mcp` type. An attacker can craft malicious content and, through methods like creating a malicious website, trigger the execution of arbitrary commands when a user clicks a link containing this content. The pop-up window may appear normal, leading the user to believe the click is a standard action, while the malicious command is executed in the background. **Recommendations** Disable the `cherrystudio://` protocol handler. Train users to be cautious when clicking links, especially those from untrusted sources. Restrict access to the vulnerable files `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** drawnix versions through 0.2.1 **Description** drawnix is an all-in-one open-source whiteboard tool. A cross-site scripting (XSS) issue exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via `innerHTML` without sanitization when the global function ` drawnix web console` is invoked. Specifically, in `apps/web/src/app/app.tsx`, `div.innerHTML = value` is executed. This can allow arbitrary JavaScript execution in the context of the application if an attacker can cause untrusted data to be passed to the debug logger, potentially exposing user data or enabling unauthorized actions. **Recommendations** Update to version 0.3.0 or later.

Name of the Vulnerable Software and Affected Versions: AIRI versions 0.7.2-beta.2 Description: AIRI is a self-hosted, artificial intelligence based Grok Companion. The application processes Markdown content using the `useMarkdown` composable and renders it directly into the DOM using `v-html`. An attacker can create a card file containing malicious HTML/JavaScript, process it using the `highlightTagToHtml` function, and render it using `v-html`, leading to cross-site scripting (XSS). The project exposes the Tauri API, and the MCP plugin exposes a command execution interface function in `crates/tauri-plugin-mcp/src/lib.rs`. The `connect server` function directly passes user-supplied `command` and `args` parameters to `Command::new(command).args(args)` without input validation, allowing arbitrary command execution through the XSS exploit. Recommendations: Upgrade to version 0.7.2-beta.3.

Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 0.3.5 Description: DeepChat, a smart assistant utilizing artificial intelligence, contains a flaw in the Mermaid chart rendering component. Directly using `innerHTML` to set user content allows for the execution of malicious content. This issue stems from an insufficiently addressed cross-site scripting (XSS) problem, leading to an exploit chain that enables arbitrary JavaScript code execution via XSS and arbitrary commands via exposed Inter-Process Communication (IPC). Recommendations: Update to version 0.3.5 or later.

Name of the Vulnerable Software and Affected Versions: MONAI versions prior to 1.5.1 Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The `extractall` function `zip file.extractall(output dir)` is used directly to process compressed files throughout the project. When processing a Zip file containing malicious content, the function overwrites system files. The project also allows downloading of zip content, increasing the scope of exploitation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MONAI versions up to and including 1.5.0 **Description** MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The `pickle operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()`. This function lacks security measures, and the deserialization process can lead to code execution. The vulnerability can be triggered when processing malicious dataset content or loading serialized files from untrusted sources. The attacker creates malicious dataset content and the system automatically calls `pickle operations` to handle the serialization transformations, leading to the execution of malicious code. **Recommendations** MONAI versions prior to 1.6.0 are affected. As a temporary workaround, consider restricting access to the `pickle operations` function until a patch is available. Verify the data source and content before deserializing. Use a safe deserialization method.

Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.0 Description: MONAI is an AI toolkit for health care imaging. The software contains insecure model loading methods that can trigger a deserialization vulnerability, potentially leading to code execution when loading checkpoints containing malicious content. This issue arises from loading pre-trained models downloaded from other platforms. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.