From eb5f240d3e5456f971213077578f6b93ee377036 Mon Sep 17 00:00:00 2001 From: docker-claude Date: Mon, 20 Apr 2026 15:28:20 +0200 Subject: [PATCH] fix(docker): patch transitive CVEs in MCP server dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MCP servers bundle their own copies of vulnerable packages. After global install, patch nested node_modules in each server directly: - @modelcontextprotocol/sdk 1.0.1 → 1.25.2 (CVE-2025-66414, CVE-2026-0621) - picomatch 4.0.3 → 4.0.4 (CVE-2026-33671) Co-Authored-By: Claude Sonnet 4.6 --- claude/Dockerfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/claude/Dockerfile b/claude/Dockerfile index f31efec..07a3560 100644 --- a/claude/Dockerfile +++ b/claude/Dockerfile @@ -37,6 +37,22 @@ RUN npm install -g \ @aashari/mcp-server-atlassian-jira \ @aashari/mcp-server-atlassian-confluence +# Patch transitive CVEs bundled inside MCP server node_modules: +# CVE-2025-66414, CVE-2026-0621 — @modelcontextprotocol/sdk <1.25.2 +# CVE-2026-33671 — picomatch <4.0.4 +RUN for pkg_dir in \ + /usr/local/lib/node_modules/@modelcontextprotocol/server-github \ + /usr/local/lib/node_modules/@yoda.digital/gitlab-mcp-server \ + /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-jira \ + /usr/local/lib/node_modules/@aashari/mcp-server-atlassian-confluence; do \ + [ -d "$pkg_dir" ] && \ + cd "$pkg_dir" && \ + npm install --no-audit --no-fund \ + @modelcontextprotocol/sdk@1.25.2 \ + picomatch@4.0.4 \ + || true; \ + done + # Workspace and Claude config dir — owned by the built-in node user (uid 1000). # Pre-creating ~/.claude ensures the named volume is initialised with the # correct ownership when first mounted (Docker copies image content into