Lfprojects Vulnerabilities
Comprehensive security vulnerability database for Lfprojects products
| CVE ID | CVSS | Description | Vendor / Product | Exploit Status | Date |
|---|---|---|---|---|---|
| CVE-2026-27623 | 7.5 | An attacker with network access to the Valkey database can send a specially crafted request that causes the system to crash, disrupting service. This vulnerability affects versions 9.0.0 to 9.0.2, so it's crucial to upgrade to version 9.0.3 or ensure that only trusted users can access the system. | lfprojects / valkey | Theoretical | Feb 23, 2026 |
| CVE-2026-21863 | 7.5 | An attacker with access to the Valkey database's clusterbus port can send a specially crafted packet that may crash the system, disrupting service. To exploit this vulnerability, the attacker must already have access to the clusterbus, so it's crucial to restrict access with proper network controls. | lfprojects / valkey | Theoretical | Feb 23, 2026 |
| CVE-2025-67733 | 7.1 | This vulnerability allows a malicious user to inject harmful data into the responses sent to clients, which can corrupt or alter the information other users receive on the same connection. It affects specific versions of the Valkey database, and the issue arises from improper handling of errors in scripting commands. | lfprojects / valkey | Exploit Available | Feb 23, 2026 |
| CVE-2025-66416 | 7.6 | An attacker can exploit a flaw in the MCP Python SDK to send unauthorized requests to a local server running without authentication, potentially accessing sensitive resources or executing commands on behalf of the user. This vulnerability occurs only if the server is set up on localhost without proper security measures, making it critical to avoid running such servers without authentication. | lfprojects / mcp python sdk | Exploit Available | Dec 2, 2025 |
| CVE-2025-66414 | 7.6 | An attacker can exploit this vulnerability to send unauthorized requests to a local MCP server running on a user's machine, potentially accessing sensitive resources or tools. This can happen if the server is running without authentication on localhost and does not have DNS rebinding protection enabled, which is a risky setup that should be avoided. | lfprojects / mcp typescript sdk | Exploit Available | Dec 2, 2025 |
About Lfprojects Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Lfprojects products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.