3 matches found
GHSA-27M7-FFHQ-JQRM MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Summary The MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host...
Command Injection
Overview mcp-watch is a Security scanner for Model Context Protocol MCP servers - detect vulnerabilities and security issues Affected versions of this package are vulnerable to Command Injection via the cloneRepo function in the /scanner/McpScanner.ts file. An attacker can execute arbitrary...
PT-2025-48575
Name of the Vulnerable Software and Affected Versions MCP Watch versions 0.1.2 and earlier Description MCP Watch, a security scanner for Model Context Protocol MCP servers, contains a Command Injection issue in the cloneRepo method of the MCPScanner class. The application directly passes the...