| Título | erupts erupt erupt ≤ 1.13.3 Improper Input Validation |
|---|
| Descripción | Erupt contains an arbitrary HQL (Hibernate Query Language) execution vulnerability in the MCP (Model Context Protocol) tool interface. The EruptDataQuery function accepts user-controlled HQL queries without validation or sanitization, allowing authenticated attackers with OpenAPI credentials to execute arbitrary database queries and extract sensitive data. |
|---|
| Fuente | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink |
|---|
| Usuario | xcxr (UID 86629) |
|---|
| Sumisión | 2026-03-09 07:49 (hace 2 meses) |
|---|
| Moderación | 2026-03-22 12:59 (13 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 352430 [erupts erupt hasta 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery inyección SQL] |
|---|
| Puntos | 19 |
|---|