Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
未保护的候选通道
Vulnerability Title
Framelink Figma MCP Server 安全漏洞
Vulnerability Description
Framelink Figma MCP Server是Graham Lipsman个人开发者的一个MCP服务器。 Framelink Figma MCP Server 0.6.3之前版本存在安全漏洞,该漏洞源于未正确清理用户输入,可能导致执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A