6 matches found
Arbitrary Command Injection
Overview mcp-package-docs is an An MCP server that provides LLMs with efficient access to package documentation across multiple programming languages Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input passed to the exec function. An attacker can...
mcp-package-docs vulnerable to command injection in several tools
Summary A command injection vulnerability exists in the mcp-package-docs MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code...
CVE-2025-54073
mcp-package-docs is an MCP Model Context Protocol server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol LSP capabilities. A command injection vulnerability exists in the mcp-package-docs MCP Server prior to the...
CVE-2025-54073 mcp-package-docs vulnerable to command injection in several tools
mcp-package-docs is an MCP Model Context Protocol server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol LSP capabilities. A command injection vulnerability exists in the mcp-package-docs MCP Server prior to the...
CVE-2025-54073 mcp-package-docs vulnerable to command injection in several tools
mcp-package-docs is an MCP Model Context Protocol server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol LSP capabilities. A command injection vulnerability exists in the mcp-package-docs MCP Server prior to the...
CVE-2025-54073 mcp-package-docs vulnerable to command injection in several tools
mcp-package-docs is an MCP Model Context Protocol server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol LSP capabilities. A command injection vulnerability exists in the mcp-package-docs MCP Server prior to the...