Описание
The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual (e.g., one defining an HTTP tool call), earning the clients’ trust, a malicious provider can later change the manual to exploit the client.
EPSS
Процентиль: 14%
0.00046
Низкий
7.5 High
CVSS3
Дефекты
CWE-501
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
Universal Tool Calling Protocol (UTCP) client library for Python vulnerable to Trust Boundary Violation through Manual JSON specification
EPSS
Процентиль: 14%
0.00046
Низкий
7.5 High
CVSS3
Дефекты
CWE-501