npm package
serverless
pkg:npm/serverless
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69256 | — | >= 4.29.0, < 4.29.3 | 4.29.3 | Dec 30, 2025 | The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package (@server |
- CVE-2025-69256Dec 30, 2025affected >= 4.29.0, < 4.29.3fixed 4.29.3
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package (@server