GHSA-g9rg-8vq5-mpwm

The security fix commit is addressing wildcard/pattern injection in SQLite GLOB tag filters by introducing _escape_glob() and applying it to user-controlled tag values. The suspected commit did introduce the vulnerable GLOB-based exact-tag matching without escaping metacharacters (*, ?, [), but the disclosed vulnerability is about wildcard CORS with credentials enabling cross-origin data theft, which is unrelated to this storage-layer tag matching change. So this commit may have introduced a different bug, but not the CORS vulnerability named in GHSA-g9rg-8vq5-mpwm.

• •Fix commit 749999f6 only changes src/mcp_memory_service/storage/sqlite_vec.py and adds _escape_glob() to sanitize user-controlled tag values for SQLite GLOB queries.
• •Search of the repository at the fix commit found no CORS/CORSMiddleware/allow_origins/allow_credentials matches in Python files, indicating the provided fix is not about CORS configuration.
• •Suspected commit e59d3d11 replaces LIKE with GLOB patterns such as "(',' || REPLACE(tags, ' ', '') || ',') GLOB ?" and passes raw user tags as patterns like "*,{tag},*" without escaping GLOB metacharacters.
• •The CVE description concerns wildcard CORS with credentials, while the suspected commit is a dashboard/tag-search correctness change in sqlite_vec.py, not web middleware or origin policy code.

The BIC (e59d3d1) introduced GLOB-based tag matching across multiple methods (search_by_tag, cleanup_by_tags, delete_by_tag, delete_by_tags, search_by_tag_chronological) but passed user-supplied tag values directly into GLOB patterns without escaping GLOB metacharacters (*, ?, [). This allowed attackers to craft tag values containing wildcards that would match unintended memories, enabling broader data access than authorized. The fix commit (749999f) addresses this by adding the `_escape_glob()` function and applying it to all locations where user-supplied tags are interpolated into GLOB patterns, including the exact lines introduced by the BIC.

• •BIC changed tag matching from LIKE to GLOB in 6+ methods: `tag_params = [f"*,{tag},*" for tag in stripped_tags]` without escaping GLOB metacharacters
• •Fix commit adds `_escape_glob()` function that escapes *, ?, and [ characters using bracket notation
• •Fix applies `_escape_glob()` to the exact same GLOB pattern locations introduced by the BIC, e.g., changing `f"*,{tag},*"` to `f"*,{_escape_glob(tag)},*"`
• •The vulnerability allows crafting tag values with GLOB wildcards (e.g., '*') to match and retrieve memories beyond what was intended, enabling cross-origin memory theft

The vulnerability described (GHSA-g9rg-8vq5-mpwm) is a CORS misconfiguration that allows cross-origin memory theft. However, both the provided fix commit and the suspected bug-introducing commit deal exclusively with database query logic in `sqlite_vec.py` and `cloudflare.py`. Specifically, the suspected BIC introduced a GLOB injection vulnerability by switching from `LIKE` to `GLOB` without escaping user input, and the fix commit resolves that GLOB injection. Since neither commit touches CORS configuration or middleware, the suspected BIC is completely unrelated to the described CORS vulnerability.

• •The vulnerability description explicitly states it is a CORS misconfiguration issue (CWE-942) related to wildcard origins and credentials.
• •The provided fix commit (749999f62dfd453d94cc72c9f71f8aea5599ba31) modifies `sqlite_vec.py` to add `_escape_glob` and fix a GLOB injection vulnerability in database queries. It does not modify any CORS settings.
• •The suspected bug-introducing commit (e59d3d1159f31ff276d8e78baccdf4cc66002688) modifies `sqlite_vec.py` and `cloudflare.py` to switch from `LIKE` to `GLOB` for tag matching, which introduced the GLOB injection issue.
• •Neither the fix commit nor the suspected BIC touch the files where CORS is configured (`src/mcp_memory_service/config.py` or `src/mcp_memory_service/web/app.py`).