donutbrowser

Simple Yet Powerful Anti-Detect Browser 🍩

zhom · browser-web · Rust · AGPL-3.0
Tools: 0
Findings: 3
Stars: 1.1k
Last Scanned: Mar 24, 2026
⚠ 1 high · 2 low findings detected

Findings (3)

1 high
2 low

High (1)

high · P9 · Missing Container Resource Limits · MCP07-insecure-config · T1499.001
Pattern "(?:image|build)\s*:[\s\S]{0,300}(?:ports|volumes)(?!.*(?:mem_limit|cpus|deploy|resources))" matched in source_code: "build:sync": "cd donut-sync && pnpm build", "cargo": "cd src-tauri && cargo", "unused-exports:js": "ts-unused-exports" (at position 1275)
Always set resource limits for MCP server containers: memory (--memory), CPU (--cpus), PIDs (--pids-limit), file descriptors (--ulimit nofile), and open files. In Kubernetes, set both requests and limits in the container spec. Use LimitRange and ResourceQuota at the namespace level as a safety net. Set pids.max in cgroups to prevent fork bombs. A missing PID limit allows a single tool invocation to fork-bomb the host (CVE-2025-26449 class).

Low (2)

low · D4 · Excessive Dependency Count · MCP08-dependency-vuln
[Dependency] 53 direct dependencies (threshold: 50). Large dependency trees increase supply chain risk.
Audit dependencies. Remove unused packages. Prefer standard library functions.
low · F4 · MCP Spec Non-Compliance · MCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.

Security Category Deep Dive

Sub-Category Tree · Remediation Roadmap · Attack Stories · Compliance Overlay · ATLAS Techniques · Maturity Model

⚡ Prompt Injection
Prompt & context manipulation attacks
Maturity: 69
Rules: 14
Sub-Categories: 5
Gaps: 1
Implemented: 64%
Tests: 56
Stories: 1
PI-DIR · Direct Input Injection · 100% · 3 rules
Injection via tool descriptions and parameter fields
GAP-001 · Prompt Injection Coverage Gap: Missing detection coverage for emerging prompt injection attack variants not addressed by current rules
PI-IND · Indirect / Gateway Injection · 100% · 4 rules
Hidden instructions via external content and tool responses
PI-CTX · Context Manipulation · 100% · 2 rules
Context window saturation and prior-approval exploitation
PI-ENC · Encoding & Obfuscation · 100% · 3 rules
Payload hiding via invisible chars, base64, schema fields
PI-TPL · Template & Output Poisoning · 100% · 2 rules
Injection via prompt templates and runtime tool output
Framework Coverage
OWASP MCP Top 10: 14/14
MITRE ATLAS: 14/14
CoSAI MCP: 2/14
OWASP Agentic Top 10: 12/14
Kill Chain Phases
Initial Access: 0
Defense Evasion: 0
Execution: 0
Persistence: 0