Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/359776?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359776?format=api", "vulnerability_id": "VCID-ctc9-v5xx-dfg7", "summary": "MCPHub has Path Traversal via Malicious MCPB Manifest Name\n**MCPB File Upload Handler** extracts a ZIP file and reads `manifest.json` from it. The `name` field in the manifest is directly concatenated into a file path (line 107) without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where `manifest.name` is set to something like `../../../etc/malicious`, causing the file to be extracted to an arbitrary location on the file system. The `cleanupOldMcpbServer` function (line 110) also uses the unsanitized name, potentially allowing deletion of arbitrary directories.\n\n## 1. Summary\n- **Vulnerability Type**: Path Traversal (CWE-22)\n- **Sink Location**: src/controllers/mcpbController.ts:107\n- **Vulnerability Description**: The `name` field from an uploaded MCPB manifest is used directly, without sanitization or normalization, to construct a file system path for directory creation and move operations, which may lead to path traversal attacks.\n\n## 2. Analysis Logic\n\n### Step 1: Inspect the identified sink (src/controllers/mcpbController.ts:106-116)\nI examined the upload handler and located the file system sink where `manifest.name` is used to build the final extraction path and write files to that path.\n\n```ts\n// src/controllers/mcpbController.ts:106-116\n// Use server name as the final extract directory for automatic version management\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\n\n// Clean up any existing version of this server\ncleanupOldMcpbServer(manifest.name);\nif (!fs.existsSync(finalExtractDir)) {\n fs.mkdirSync(finalExtractDir, { recursive: true });\n}\n\n// Move the temporary directory to the final location\nfs.renameSync(tempExtractDir, finalExtractDir);\n```\n\nAnalysis: `manifest.name` is used to build `finalExtractDir`, which is then operated on by `fs.mkdirSync` and `fs.renameSync`. These are file system write/move operations, so if `name` is user-controlled and unsanitized, this is a path traversal sink. Next, I traced the origin of `manifest.name`.\n\n### Step 2: Trace the source of `manifest.name` in the upload handler (src/controllers/mcpbController.ts:83-104)\nI traced back the data flow to see how the manifest is read and validated.\n\n```ts\n// src/controllers/mcpbController.ts:83-104\nconst manifestPath = path.join(tempExtractDir, 'manifest.json');\nif (!fs.existsSync(manifestPath)) {\n throw new Error('manifest.json not found in MCPB file');\n}\n\nconst manifestContent = fs.readFileSync(manifestPath, 'utf-8');\nconst manifest = JSON.parse(manifestContent);\n\n// Validate required fields in manifest\nif (!manifest.manifest_version) {\n throw new Error('Invalid manifest: missing manifest_version');\n}\nif (!manifest.name) {\n throw new Error('Invalid manifest: missing name');\n}\n```\n\nAnalysis: `manifest` is parsed directly from `manifest.json` inside the uploaded archive. The only check on `manifest.name` is that it is non‑empty; there is no sanitization, normalization, or allow‑list validation. Next, I confirmed the entry point for uploading MCPB files to verify user control.\n\n### Step 3: Trace the HTTP entry point in src/routes/index.ts:297-299\nI located the route that exposes the upload handler.\n\n```ts\n// src/routes/index.ts:297-299\n// MCPB upload routes\nrouter.post('/mcpb/upload', uploadMiddleware, uploadMcpbFile);\n```\n\nAnalysis: The `/mcpb/upload` endpoint invokes `uploadMiddleware` and `uploadMcpbFile`, so user‑supplied uploads are the source of the manifest content. Next, I verified the upload middleware behavior.\n\n### Step 4: Confirm the upload middleware (src/controllers/mcpbController.ts:8-38)\nI inspected how the uploaded file is received and stored.\n\n```ts\n// src/controllers/mcpbController.ts:8-38\nconst storage = multer.diskStorage({\n destination: (_req, _file, cb) => {\n const uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\n if (!fs.existsSync(uploadDir)) {\n fs.mkdirSync(uploadDir, { recursive: true });\n }\n cb(null, uploadDir);\n },\n filename: (_req, file, cb) => {\n const timestamp = Date.now();\n const originalName = path.parse(file.originalname).name;\n cb(null, `${originalName}-${timestamp}.mcpb`);\n },\n});\n\nconst upload = multer({\n storage,\n fileFilter: (_req, file, cb) => {\n if (file.originalname.endsWith('.mcpb')) {\n cb(null, true);\n } else {\n cb(new Error('Only .mcpb files are allowed'));\n }\n },\n limits: {\n fileSize: 500 * 1024 * 1024, // 500MB limit\n },\n});\n\nexport const uploadMiddleware = upload.single('mcpbFile');\n```\n\nAnalysis: The upload middleware only checks file extension and size. It does not restrict or validate the contents of the archive or `manifest.name`. Therefore, `manifest.name` is user‑controlled input. Next, I checked whether any sanitization or normalization is applied before reaching the sink.\n\n### Step 5: Verify lack of path validation on `manifest.name` in src/controllers/mcpbController.ts:92-110\nI verified that no path sanitization occurs between parsing and usage.\n\n```ts\n// src/controllers/mcpbController.ts:92-110\nif (!manifest.name) {\n throw new Error('Invalid manifest: missing name');\n}\n// ...\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\ncleanupOldMcpbServer(manifest.name);\n```\n\nAnalysis: Before using `manifest.name` to construct a file system path, there is no `path.resolve`/`realpath` check, no use of `basename()`, and no allow‑list validation. This confirms that the path is built from untrusted input without defenses.\n\n### Step 6: Examine cleanup behavior using the unsanitized name (src/controllers/mcpbController.ts:41-52)\nI verified how `cleanupOldMcpbServer` uses the same input.\n\n```ts\n// src/controllers/mcpbController.ts:41-52\nconst uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\nconst serverPattern = `server-${serverName}`;\n\nif (fs.existsSync(uploadDir)) {\n const files = fs.readdirSync(uploadDir);\n files.forEach((file) => {\n if (file.startsWith(serverPattern)) {\n const filePath = path.join(uploadDir, file);\n if (fs.statSync(filePath).isDirectory()) {\n fs.rmSync(filePath, { recursive: true, force: true });\n }\n }\n });\n}\n```\n\nAnalysis: `serverName` is used without validation, but the deletion is limited to directories already present in `uploadDir` as returned by `readdirSync`. The main traversal risk remains in constructing the path for `finalExtractDir` and the subsequent file system operations.\n\n### Analysis Walkthrough\n- Q1: Does user‑controllable input affect the file path? → **Yes**. `manifest.name` is read from the uploaded archive’s `manifest.json` and used in `path.join(...)` to build `finalExtractDir` (src/controllers/mcpbController.ts:89-110).\n- Q2: Is the path normalized and validated against a base directory? → **No**. There is no `resolve`/`realpath` + `startsWith` check before `fs.mkdirSync`/`fs.renameSync` (src/controllers/mcpbController.ts:106-116).\n- Q3: Is `basename()`/`getName()` used to strip directory components? → **No**. `manifest.name` is used directly in a template string (src/controllers/mcpbController.ts:106-107).\n- Q4: Is there a valid allow‑list for allowed names? → **No**. Only an existence check is performed on `manifest.name` (src/controllers/mcpbController.ts:92-97).\n- Q5: Is the code in a test/demo/deprecated/generated context? → **No**. This is a production controller and route (src/controllers/mcpbController.ts:64-130, src/routes/index.ts:297-299).\n- → Reached leaf node: **True Positive**\n\n## 3. Conclusion\n**True Positive**\n\n**Key evidence:**\n- `manifest.name` flows directly into `finalExtractDir` and is used by `fs.mkdirSync` and `fs.renameSync` without sanitization (src/controllers/mcpbController.ts:106-116).\n- `manifest.name` is parsed from `manifest.json` inside an uploaded archive, with only a non‑empty check (src/controllers/mcpbController.ts:89-97).\n- The `/mcpb/upload` endpoint exposes the upload handler that processes user‑supplied archives (src/routes/index.ts:297-299).\n\n## 4. Remediation Recommendations\n- Add normalization and base directory validation before using `manifest.name` to construct `finalExtractDir` (e.g., `const resolved = path.resolve(baseDir, `server-${safeName}`); if (!resolved.startsWith(baseDir)) reject;`).\n- Use `path.basename()` to strip directory components from `manifest.name` and enforce a strict character allow‑list (alphanumeric, `_`, `-`, `.`) before use.\n- Consider rejecting any `manifest.name` that contains path separators or traversal sequences, and add unit tests for malicious traversal inputs.", "aliases": [ { "alias": "GHSA-p3h2-2j4p-p83g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373419?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.13" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/861819?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861820?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861821?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861822?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861823?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861824?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861825?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861826?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/861827?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/861828?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/861829?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/861830?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/861831?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/861832?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/861833?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/861834?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/861835?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/861836?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/861837?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/861838?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/861839?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/861840?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/861841?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/861842?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/861843?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/861844?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/861845?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861846?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861847?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861848?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861849?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861850?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861851?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861852?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861853?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861854?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861855?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861856?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861857?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861858?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861859?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861860?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861861?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861862?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861863?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861864?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.8.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861865?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/861866?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/861867?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/861868?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/861869?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/861870?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/861871?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/861872?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/861873?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/861874?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/34086?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" }, { "vulnerability": "VCID-usx6-j1jv-p3a9" }, { "vulnerability": "VCID-yvc7-97ny-wkgy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/861875?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007221?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007222?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007223?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007224?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007225?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.9.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007226?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007227?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007228?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007229?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007230?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007231?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007232?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.10.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" }, { "vulnerability": "VCID-dnq5-b1xm-7kh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.10.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/373331?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024219?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024220?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024221?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024222?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024223?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024224?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024225?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024226?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024227?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024228?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024229?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024230?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024231?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.11.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024232?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024233?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024234?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024235?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024236?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024237?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024238?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024239?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024240?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024241?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024242?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024243?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1024244?format=api", "purl": "pkg:npm/%40samanhappy/mcphub@0.12.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cmx-144n-mucv" }, { "vulnerability": "VCID-ctc9-v5xx-dfg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.12" } ], "references": [ { "reference_url": "https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c" }, { "reference_url": "https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g" }, { "reference_url": "https://github.com/advisories/GHSA-p3h2-2j4p-p83g", "reference_id": "GHSA-p3h2-2j4p-p83g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3h2-2j4p-p83g" } ], "weaknesses": [ { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctc9-v5xx-dfg7" }