From 95432dca1549ea4a186218f474b3b13caa2317c2 Mon Sep 17 00:00:00 2001
From: Vinod Kone
Date: Wed, 20 May 2026 22:09:43 -0500
Subject: [PATCH] Improve GHSA-94gr-w3q5-rfqr
---
 .../GHSA-94gr-w3q5-rfqr.json | 44 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2026/05/GHSA-94gr-w3q5-rfqr/GHSA-94gr-w3q5-rfqr.json b/advisories/unreviewed/2026/05/GHSA-94gr-w3q5-rfqr/GHSA-94gr-w3q5-rfqr.json
index 4a34aea7f027c..7659a493e5590 100644
--- a/advisories/unreviewed/2026/05/GHSA-94gr-w3q5-rfqr/GHSA-94gr-w3q5-rfqr.json
+++ b/advisories/unreviewed/2026/05/GHSA-94gr-w3q5-rfqr/GHSA-94gr-w3q5-rfqr.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-94gr-w3q5-rfqr",
- "modified": "2026-05-13T18:30:41Z",
+ "modified": "2026-05-13T18:30:42Z",
 "published": "2026-05-12T18:30:38Z",
 "aliases": [
 "CVE-2025-65719"
 ],
+ "summary": "Added package details for npm and pip",
 "details": "An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page.",
 "severity": [
 {
@@ -13,7 +14,46 @@
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "kubectl-mcp-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.2.0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "kubectl-mcp-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.2.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
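Review bot: The new `"summary"` value in the first hunk describes this edit ("Added package details for npm and pip") rather than the vulnerability. Advisory consumers show `summary` as the headline of the alert, so it should say what is wrong with the package. Something derived from the existing `details` text would fit, for example `"summary": "Kubectl MCP Server allows arbitrary code execution via a crafted HTML page",`. The note about what this contribution changed belongs in the commit or pull-request description instead.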
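Review bot: Both new `affected` entries in the second hunk pair `"introduced": "0"` with `"fixed": "1.2.0"`, which marks every npm and PyPI release below 1.2.0 as vulnerable. The `details` text names only v1.1.1, and nothing visible in the patch documents 1.2.0 as the fixing release on either registry. A release note or fix commit should back the range, and it is worth confirming that the `kubectl-mcp-server` name on npm and on PyPI both belong to the affected project, since a wrong name or range makes scanners miss vulnerable installs or alert on unrelated ones. The `references` array continues outside the hunk, so that evidence may already be listed there. Separately, the unchanged vector in this hunk carries `UI:N` while the details describe user interaction with a crafted page, so `UI:R` would appear to match better.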