CWE-433
AllowedUnparsed Raw Web Content Delivery
Abstraction: Variant · Status: Incomplete
The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.
5 vulnerabilities reference this CWE, most recent first.
CVE-2026-31841 (GCVE-0-2026-31841)
Vulnerability from cvelistv5 – Published: 2026-03-12 17:03 – Updated: 2026-03-12 17:50- CWE-433 - Unparsed Raw Web Content Delivery
| URL | Tags |
|---|---|
| https://github.com/hyperterse/hyperterse/security… | x_refsource_CONFIRM |
| https://github.com/hyperterse/hyperterse/releases… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| hyperterse | hyperterse |
Affected:
>= 2.0.0, < 2.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T17:50:05.033697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:50:15.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hyperterse",
"vendor": "hyperterse",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly. This issue has been fixed as of v2.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-433",
"description": "CWE-433: Unparsed Raw Web Content Delivery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:03:32.818Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv"
},
{
"name": "https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0"
}
],
"source": {
"advisory": "GHSA-92gp-jfgx-9qpv",
"discovery": "UNKNOWN"
},
"title": "Raw exposure of database statements in Hyperterse MCP search tool"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31841",
"datePublished": "2026-03-12T17:03:32.818Z",
"dateReserved": "2026-03-09T17:41:56.078Z",
"dateUpdated": "2026-03-12T17:50:15.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-22GQ-X6PG-752J
Vulnerability from github – Published: 2018-08-29 23:45 – Updated: 2023-09-07 22:47The openssl.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
As this package is malware, if you find it installed in your environment, the real security concern is determining how it got there.
If you have found this installed in your environment, you should: 1. Delete the package 2. Clear your npm cache 3. Ensure it is not present in any other package.json files on your system 4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables.
Additionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openssl.js"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16065"
],
"database_specific": {
"cwe_ids": [
"CWE-433",
"CWE-506"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:50:52Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The `openssl.js` package is a piece of malware that steals environment variables and sends them to attacker controlled locations. \n\nAll versions have been unpublished from the npm registry.\n\n\n## Recommendation\n\nAs this package is malware, if you find it installed in your environment, the real security concern is determining how it got there. \n\nIf you have found this installed in your environment, you should:\n1. Delete the package\n2. Clear your npm cache\n3. Ensure it is not present in any other package.json files on your system\n4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables. \n\nAdditionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.",
"id": "GHSA-22gq-x6pg-752j",
"modified": "2023-09-07T22:47:17Z",
"published": "2018-08-29T23:45:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16065"
},
{
"type": "PACKAGE",
"url": "https://github.com/DigitalArsenal/openssl.js"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/504"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "openssl.js is malware"
}
GHSA-2WPQ-VVW6-67WR
Vulnerability from github – Published: 2018-08-29 23:38 – Updated: 2023-09-11 22:23The nodecaffe package is a piece of malware that steals environment variables and sends them to attacker controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
As this package is malware, if you find it installed in your environment, the real security concern is determining how it got there.
If you have found this installed in your environment, you should: 1. Delete the package 2. Clear your npm cache 3. Ensure it is not present in any other package.json files on your system 4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables.
Additionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nodecaffe"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16070"
],
"database_specific": {
"cwe_ids": [
"CWE-433",
"CWE-506"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:53:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The `nodecaffe` package is a piece of malware that steals environment variables and sends them to attacker controlled locations. \n\nAll versions have been unpublished from the npm registry.\n\n\n## Recommendation\n\nAs this package is malware, if you find it installed in your environment, the real security concern is determining how it got there. \n\nIf you have found this installed in your environment, you should:\n1. Delete the package\n2. Clear your npm cache\n3. Ensure it is not present in any other package.json files on your system\n4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables. \n\nAdditionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.",
"id": "GHSA-2wpq-vvw6-67wr",
"modified": "2023-09-11T22:23:56Z",
"published": "2018-08-29T23:38:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16070"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "nodecaffe is malware"
}
GHSA-92GP-JFGX-9QPV
Vulnerability from github – Published: 2026-03-12 18:32 – Updated: 2026-03-12 18:32Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute.
The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly.
This issue has been fixed as of v2.2.0 and relevant tests to catch these have been added.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hyperterse"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31841"
],
"database_specific": {
"cwe_ids": [
"CWE-433"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T18:32:54Z",
"nvd_published_at": "2026-03-12T17:16:51Z",
"severity": "MODERATE"
},
"details": "Hyperterse allows users to specify database queries for tools to execute under the hood. As of [v2.0.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.0.0), there are only two tools exposed - `search` and `execute`. \n\nThe `search` tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing statements which were supposed to be executed under the hood, and protected from being displayed publicly.\n\nThis issue has been fixed as of [v2.2.0](https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0) and relevant tests to catch these have been added.",
"id": "GHSA-92gp-jfgx-9qpv",
"modified": "2026-03-12T18:32:54Z",
"published": "2026-03-12T18:32:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hyperterse/hyperterse/security/advisories/GHSA-92gp-jfgx-9qpv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31841"
},
{
"type": "PACKAGE",
"url": "https://github.com/hyperterse/hyperterse"
},
{
"type": "WEB",
"url": "https://github.com/hyperterse/hyperterse/releases/tag/v2.2.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hyperterse: Raw exposure of database statements in MCP search tool"
}
GHSA-RWG6-3FMJ-W4WX
Vulnerability from github – Published: 2018-11-01 14:47 – Updated: 2023-09-08 23:30The tkinter package is a piece of malware that steals environment variables and sends them to attacker controlled locations.
All versions have been unpublished from the npm registry.
Recommendation
As this package is malware, if you find it installed in your environment, the real security concern is determining how it got there.
If you have found this installed in your environment, you should: 1. Delete the package 2. Clear your npm cache 3. Ensure it is not present in any other package.json files on your system 4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables.
Additionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tkinter"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-16061"
],
"database_specific": {
"cwe_ids": [
"CWE-433",
"CWE-506"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:56:07Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The `tkinter` package is a piece of malware that steals environment variables and sends them to attacker controlled locations. \n\nAll versions have been unpublished from the npm registry.\n\n\n## Recommendation\n\n\nAs this package is malware, if you find it installed in your environment, the real security concern is determining how it got there. \n\nIf you have found this installed in your environment, you should:\n1. Delete the package\n2. Clear your npm cache\n3. Ensure it is not present in any other package.json files on your system\n4. Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables. \n\nAdditionally, any service which may have been exposed via credentials in your environment variables, such as a database, should be reviewed for indicators of compromise as well.",
"id": "GHSA-rwg6-3fmj-w4wx",
"modified": "2023-09-08T23:30:49Z",
"published": "2018-11-01T14:47:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16061"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/500"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "tkinter is malware"
}
Mitigation
Perform a type check before interpreting files.
Mitigation
Do not store sensitive information in files which may be misinterpreted.
No CAPEC attack patterns related to this CWE.