Lookup for vulnerable packages by Package URL.

Purl pkg:npm/ebay-mcp@1.7.2
Type npm
Namespace
Name ebay-mcp
Version 1.7.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-bfcq-re1n-uqb8
vulnerability_id VCID-bfcq-re1n-uqb8
summary eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the .env configuration file, which could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27203
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27203
1
reference_url https://github.com/YosefHayim/ebay-mcp
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YosefHayim/ebay-mcp
2
reference_url https://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a
reference_id aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:29:04Z/
url https://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27203
reference_id CVE-2026-27203
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27203
4
reference_url https://github.com/advisories/GHSA-97rm-xj73-33jh
reference_id GHSA-97rm-xj73-33jh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97rm-xj73-33jh
5
reference_url https://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh
reference_id GHSA-97rm-xj73-33jh
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:29:04Z/
url https://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh
fixed_packages
aliases CVE-2026-27203, GHSA-97rm-xj73-33jh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfcq-re1n-uqb8
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ebay-mcp@1.7.2