Qodo Gen Vulnerability Report

Data Exfiltration Through Web Search Tool

CVE Number: CVE-2020-5376-013
Summary: The Mass Search functionality within the Qodo Gen MCP server through v2.0.3 allows an attacker to exfiltrate data from a remote server.
Products Impacted: Qodo Gen (v2.0.3)
CVSS Score: 5.9
CWE Categorization: CWE-200: Information Disclosure

Symlink Bypass in File System MCP Server Leading to Arbitrary Filesystem Read

CVE Number: CVE-2020-5376-021
Summary: A symlink bypass vulnerability exists in the File System MCP server, allowing an attacker to read arbitrary files on the remote host.
Products Impacted: Qodo Gen (v2.0.3)
CVSS Score: 7.5
CWE Categorization: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Timeline

August 12, 2020: Vendor disclosed the vulnerabilities and provided corresponding fixes.
August 13, 2020: Vendor released new versions.
September 18, 2020: Internal release candidate.
October 2, 2020: Release candidate ready.
October 17, 2020: Public disclosure.

Project URL

https://www.hiddenlayer.com/products/qodo-gen/
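
The report does not include the affected code. As an added illustration of the CWE-22 symlink class named in the second finding (this is not Qodo Gen's or the vendor's code; the function names, directory layout and file contents are constructed assumptions), the Python example below contrasts a purely lexical allowed-directory check with one that resolves symlinks before comparing paths.

```python
import os
import tempfile

def naive_is_allowed(root, requested):
    """Lexical check only: normalises '..' but never looks at the filesystem."""
    candidate = os.path.normpath(os.path.join(root, requested))
    return candidate == root or candidate.startswith(root + os.sep)

def resolved_is_allowed(root, requested):
    """Resolve symlinks in both paths, then compare the real locations."""
    real_root = os.path.realpath(root)
    real_candidate = os.path.realpath(os.path.join(real_root, requested))
    return os.path.commonpath([real_root, real_candidate]) == real_root

def safe_read(root, requested):
    """Read a file only if its resolved path stays under root.
    O_NOFOLLOW refuses a final-component symlink swapped in after the check."""
    if not resolved_is_allowed(root, requested):
        raise PermissionError(f"{requested!r} resolves outside the allowed root")
    real_path = os.path.realpath(os.path.join(os.path.realpath(root), requested))
    fd = os.open(real_path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        return fh.read()

def demo():
    """Constructed layout: allowed/ holds one real file and a symlink to a sibling dir."""
    base = os.path.realpath(tempfile.mkdtemp())
    allowed = os.path.join(base, "allowed")
    outside = os.path.join(base, "outside")
    os.mkdir(allowed)
    os.mkdir(outside)
    with open(os.path.join(allowed, "notes.txt"), "w") as fh:
        fh.write("public")
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("constructed secret")
    os.symlink(outside, os.path.join(allowed, "link"))
    results = {
        "naive_link": naive_is_allowed(allowed, "link/secret.txt"),
        "resolved_link": resolved_is_allowed(allowed, "link/secret.txt"),
        "resolved_plain": resolved_is_allowed(allowed, "notes.txt"),
        "resolved_dotdot": resolved_is_allowed(allowed, "../outside/secret.txt"),
    }
    return allowed, results
```

The lexical check accepts the path through the symlink because the string still begins with the allowed root; the resolved check rejects it because the real location is a sibling directory.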