Liran Tal

**Name of the Vulnerable Software and Affected Versions** Doris MCP Server versions prior to 0.6.0 **Description** An attacker with a valid read-only account can bypass the Doris MCP Server’s read-only mode due to improper access control. This allows modifications that should have been prevented by read-only restrictions. Attackers with read-only access may perform unauthorized modifications. **Recommendations** Upgrade to version 0.6.0 as soon as possible.

**Name of the Vulnerable Software and Affected Versions** check-branches (affected versions not specified) **Description** The software is susceptible to a command injection issue. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attackers to execute arbitrary commands through maliciously crafted branch names, potentially gained through pull requests or privileged repository access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ssrfcheck versions prior to 1.2.0 **Description** The package is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid, allowing attackers to craft requests targeting these multicast addresses. **Recommendations** Update to ssrfcheck version 1.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** private-ip (affected versions not specified) **Description** The package is susceptible to a Server-Side Request Forgery (SSRF) issue. An attacker can provide an IP address or hostname that resolves to a multicast IP address (224.0.0.0/4), which is not included in the package’s private IP range checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bun (affected versions not specified) **Description** The package is susceptible to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') within the `shell` API. This occurs due to insufficient neutralization of user-supplied input. An attacker can leverage this by providing specially crafted input containing command-line arguments or shell metacharacters, potentially resulting in unintended command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** files-bucket-server (affected versions not specified) **Description** The package is susceptible to a Directory Traversal issue. This allows an attacker to access files outside of the intended directory by traversing the file system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nossrf versions prior to 1.0.4 **Description** The issue is related to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism. **Recommendations** For versions prior to 1.0.4, update to version 1.0.4 to patch the SSRF flaw. As a temporary workaround, consider restricting the ability to provide hostnames that resolve to local or reserved IP address spaces until a patch is available.

**Name of the Vulnerable Software and Affected Versions** bun versions prior to 1.1.30 **Description** The issue is related to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. **Recommendations** For versions prior to 1.1.30, update to version 1.1.30 or later to resolve the issue. As a temporary workaround, consider restricting access to Bun's APIs that accept objects until a patch is applied. Avoid using objects in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ggit versions all **Description** The issue concerns Arbitrary Argument Injection via the clone() API. This API allows specifying the remote URL to clone and the file on disk to clone to. However, the library fails to sanitize user input or validate a given URL scheme. Additionally, it does not properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. **Recommendations** For all versions, as a temporary workaround, consider disabling the clone() API until a patch is available. Restrict access to the clone functionality to minimize the risk of exploitation. Avoid using the clone() API with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ggit versions all **Description** The issue concerns Command Injection via the `fetchTags(branch)` API, which allows user input to specify the branch to be fetched. This input is then concatenated with a git command and passed to the unsafe `exec()` Node.js child process API. **Recommendations** For all versions, consider disabling the `fetchTags(branch)` API until a patch is available to prevent exploitation. Restrict access to the `exec()` function to minimize the risk of Command Injection. Avoid using user-inputted data in the `branch` variable to prevent malicious commands from being executed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** git-shallow-clone versions all **Description** The issue is related to command injection due to missing sanitization or mitigation flags in the `process` variable of the `gitShallowClone` function. This allows for potential argument injection. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For all versions, consider disabling the `gitShallowClone` function until a patch is available to prevent command injection. Restrict access to the `process` variable to minimize the risk of exploitation. Avoid using the `process` variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** static-server versions all **Description** The issue arises from improper input sanitization passed via the `validPath` function of server.js, leading to Directory Traversal. This vulnerability affects a popular library that had 100,000 weekly downloads up to a year ago and is still actively downloaded. **Recommendations** For all versions, consider disabling the `validPath` function of server.js as a temporary workaround until a patch is available. Restrict access to sensitive directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** blamer versions prior to 1.0.4 **Description** The issue is related to Arbitrary Argument Injection via the `blameByFile()` API. The library does not sanitize for user input or validate the given file path, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. **Recommendations** For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the `blameByFile()` API until a patch is available. Restrict access to the `blameByFile()` function to minimize the risk of exploitation. Avoid using unsanitized user input in the affected API until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** m.static versions all **Description** The issue arises from improper input sanitization of the path being requested via the `requestFile` function, leading to Directory Traversal. This allows unauthorized access to files and directories outside the intended directory. **Recommendations** For all versions, consider disabling the `requestFile` function until a patch is available to prevent exploitation. Restrict access to sensitive files and directories to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** @node-static versions all node-static versions all **Description** The issue arises from improper file path sanitization in the `startsWith()` method within the `servePath` function, leading to Directory Traversal. This allows attackers to access files outside the intended directory. **Recommendations** For @nubosoftware/node-static, consider disabling the `servePath` function until a patch is available. For node-static, restrict access to the `servePath` function to minimize the risk of exploitation. As a temporary workaround, avoid using the `startsWith()` method in the `servePath` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lite-web-server (affected versions not specified) **Description** The issue concerns a Denial of Service (DoS) condition that occurs when an attacker sends an HTTP request containing control characters that the `decodeURI()` function cannot parse. This can lead to a service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glance versions prior to 3.0.9 **Description** The issue is related to a directory traversal vulnerability in the HTTP server of glance, allowing an attacker to bypass access restrictions and gain unauthorized access to protected information. This vulnerability enables users to read files outside the public root directory. **Recommendations** For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** servst versions prior to 2.0.3 **Description** The issue is related to Directory Traversal, caused by improper sanitization of the `filePath` variable. This allows for unauthorized access to files and directories. **Recommendations** For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** serve-lite versions all **Description** The issue arises from missing input sanitization or other checks and protections employed to the `req.url` passed as-is to `path.join()`, leading to Directory Traversal. This allows potential access to sensitive files and directories. **Recommendations** For all versions, consider disabling the `path.join()` function with unsanitized `req.url` input until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the `req.url` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** serve-lite versions all **Description** The issue arises when the software detects a request to a directory and renders a file listing of its contents. This listing includes links with actual file names, but these names are not sanitized or output encoded, leading to Cross-site Scripting (XSS). **Recommendations** For all versions, consider disabling the directory listing feature until a proper fix is implemented to sanitize or encode file names in links. Restrict access to directory listings to minimize the risk of exploitation.