Node Code Sandbox Mcp
Approved changes feed: RSS · Atom
cpe:2.3:a:alfonsograziano:node-code-sandbox-mcp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alfonsograziano (1c156f39-af8a-567d-beba-7ab576d162c8) |
|---|---|
| Product | Node Code Sandbox Mcp (a9c4ae00-a331-5d4d-96e1-b03753c55250) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-53372 |
vulnerable | 2026-06-08 07:31:14.454878 |
node-code-sandbox-mcp has a Sandbox Escape via Command Injection
HIGH (7.5)
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. This vulnerability is fixed in 1.3.0.
Published: 2025-07-08T14:54:42.419Z
Updated: 2025-07-08T15:08:00.399Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.