漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Anthropic Slack MCP Server Data Exfiltration via Link Unfurling
Vulnerability Description
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Anthropic Slack Model Context Protocol Server 安全漏洞
Vulnerability Description
Anthropic Slack Model Context Protocol Server是Anthropic公司的一个链接大语言模型的开放标准协议。 Anthropic Slack Model Context Protocol Server存在安全漏洞,该漏洞源于数据处理不当,可能导致数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A