漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
github-kanban-mcp-server Command Injection vulnerability
Vulnerability Description
GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
GitHub Kanban MCP Server 操作系统命令注入漏洞
Vulnerability Description
GitHub Kanban MCP Server是Maki个人开发者的一个应用程序。 GitHub Kanban MCP Server 0.4.0版本存在操作系统命令注入漏洞,该漏洞源于add_comment工具存在命令注入。
CVSS Information
N/A
Vulnerability Type
N/A