Soumettre #775593: erupts erupt erupt ≤ 1.13.3 Improper Input Validationinformation

Titreerupts erupt erupt ≤ 1.13.3 Improper Input Validation
DescriptionErupt contains an arbitrary HQL (Hibernate Query Language) execution vulnerability in the MCP (Model Context Protocol) tool interface. The EruptDataQuery function accepts user-controlled HQL queries without validation or sanitization, allowing authenticated attackers with OpenAPI credentials to execute arbitrary database queries and extract sensitive data.
La source⚠️ https://fx4tqqfvdw4.feishu.cn/docx/EunDdwORZoG3uzxpLykcj24mncJ?from=from_copylink
Utilisateur
 xcxr (UID 86629)
Soumission09/03/2026 07:49 (il y a 2 mois)
Modérer22/03/2026 12:59 (13 days later)
StatutAccepté
Entrée VulDB352430 [erupts erupt jusqu’à 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery injection SQL]
Points19

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!