2 matches found
sf-mcp-server 操作系统命令注入漏洞
sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using childprocess.exec to handle user input, which may lead to command injection attacks...
GHSA-3CH2-JXXC-V4XF @akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the to...