Approved changes feed: RSS · Atom
cpe:2.3:a:54yyyu:code-mcp:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | 54Yyyu (b154c268-5b9e-5969-82c4-066af008cca6) |
|---|---|
| Product | Code Mcp (f82322c4-76a6-508f-9c76-bf830dcd2ea1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-7812 |
vulnerable | 2026-06-03 15:27:57.300551 |
54yyyu code-mcp MCP Tool server.py git_operation command injection
HIGH (7.3)
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-05T04:15:12.122Z
Updated: 2026-05-06T14:06:31.385Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7811 |
vulnerable | 2026-06-03 15:27:57.299813 |
54yyyu code-mcp MCP File server.py is_safe_path path traversal
HIGH (7.3)
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-05T04:00:21.402Z
Updated: 2026-05-05T13:41:25.439Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.