Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Dismissed
Filter by:
With package: strutcpp

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-14542
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 3 months, 4 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 4 months ago
  • @fricklerhandwerk dismissed 3 months, 4 weeks ago
Command execution in python-utcp allows attackers to achieve remote code execution when fetching a remote Manual from a malicious endpoint

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can later change the manual to exploit the client.

Affected products

utcp
  • <1.1.0

Matching in nixpkgs

Package maintainers

garbage