In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Missing Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade @grackle-ai/mcp to version 0.132.2 or higher.
@grackle-ai/mcp is a MCP (Model Context Protocol) server for Grackle — translates MCP tool calls to ConnectRPC
Affected versions of this package are vulnerable to Missing Authorization due to inconsistent enforcement of authorization checks in the tool layer. An attacker can gain unauthorized access to perform cross-task and cross-session operations, such as updating, deleting, or resuming tasks and sessions belonging to other users, as well as reading data across all workspaces, by supplying arbitrary task or session identifiers and leveraging insufficient session revocation mechanisms.