VYPR

npm package

@utcp/http

pkg:npm/%40utcp/http

Vulnerabilities (1)

  • CVE-2026-45366MedMay 28, 2026
    affected < 1.1.2fixed 1.1.2

    typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual() validates the discove

VYPR — Vulnerability Intelligence