doris-mcp-server
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting doris-mcp-serverpage 1 of 1
- CVE-2025-58337MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.6.02025-11-05
vulnerable: 0.4.2, 0.5.0, 0.5.1
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode;…
- CVE-2025-66335MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.6.12026-04-20
vulnerable: 0.4.2, 0.5.0, 0.5.1, 0.6.0
Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrict…
Check whether doris-mcp-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for doris-mcp-server CVEs against the assets you own.
Start Free Scan →