PyPI package
stata-mcp
pkg:pypi/stata-mcp
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-47708 | Cri | — | | < 1.17.3 | 1.17.3 | Jun 4, 2026 | Summary: The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (`GuardValidator`) only scans the do-file content but does not validate this parameter. An attacker can inject arb |
| CVE-2026-31040 | Cri | 9.8 | | < 1.13.0 | 1.13.0 | Apr 8, 2026 | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution. |