漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling
Vulnerability Description
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01 resolve.
CVSS Information
N/A
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
Model Context Protocol Servers 后置链接漏洞
Vulnerability Description
Model Context Protocol Servers是Model Context Protocol开源的一个大模型上下文协议服务器。 Model Context Protocol Servers 0.6.4之前版本和2025.7.01之前版本存在后置链接漏洞,该漏洞源于符号链接可能导致访问意外文件。
CVSS Information
N/A
Vulnerability Type
N/A