Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
Vulnerability Description
The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. As a result, the server is susceptible to abuse and attacks on affected database systems such as PostgreSQL, and potentially others that expose elevated functionalities. These attacks may lead to denial of service and other unexpected behaviors.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
MCP Database Server 安全漏洞
Vulnerability Description
MCP Database Server是ExecuteAutomation个人开发者的一个MCP数据库服务器。 MCP Database Server 1.1.0及之前版本存在安全漏洞,该漏洞源于未正确实施安全控制来强制执行只读模式,可能导致拒绝服务和意外行为。
CVSS Information
N/A
Vulnerability Type
N/A