5 matches found
EUVD-2025-26205
Malicious code in bioql PyPI...
OS Command Injection
@aiondadotcom/mcp-ssh is vulnerable to OS command injection. The vulnerability is due to insufficient input validation in the file server-simple.mjs component, which allows unsanitized data to be incorporated into system-level command execution and therefore enables an attacker to execute arbitra...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview @aiondadotcom/mcp-ssh is a MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to using the execAsync...
CVE-2025-9654
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...
CVE-2025-9654 AiondaDotCom mcp-ssh server-simple.mjs command injection
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...