Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LSTM-Kirigaya's openmcp-client Vulnerable to RCE in MCP Authorization Flow
Vulnerability Description
LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
openmcp-client 操作系统命令注入漏洞
Vulnerability Description
openmcp-client是Kirigaya Kazuto个人开发者的一个多功能vscode插件。 openmcp-client 0.1.12之前版本存在操作系统命令注入漏洞,该漏洞源于Windows平台连接恶意MCP服务器可能导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A