Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-14542

updated 1 month, 2 weeks ago by @fricklerhandwerk Activity log

Created automatic suggestion 1 month, 2 weeks ago
@fricklerhandwerk dismissed 1 month, 2 weeks ago

Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can later change the manual to exploit the client.

Affected products

utcp

<1.1.0

Matching in nixpkgs

pkgs.strutcpp

Collection of string utilities

nixos-25.11 0-unstable-2025-07-21
- nixpkgs-25.11-darwin 0-unstable-2025-07-21

Package maintainers

@SchweGELBin Jannik Michael Abram <abramjannikmichael06@gmail.com>

garbage

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.strutcpp

Package maintainers