Filtered by vendor Apache
Subscriptions
Filtered by product Doris Mcp Server
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66335 | 1 Apache | 1 Doris Mcp Server | 2026-04-22 | 5.3 Medium |
| Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected. | ||||
| CVE-2025-58337 | 1 Apache | 2 Doris, Doris Mcp Server | 2025-11-12 | 5.4 Medium |
| An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized modifications. Recommended action for operators: Upgrade to version 0.6.0 as soon as possible (this release contains the fix). | ||||
Page 1 of 1.