Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
Vulnerability Description
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
FastMCP 操作系统命令注入漏洞
Vulnerability Description
FastMCP是Jeremiah Lowin个人开发者的一个MCP服务器构建软件。 FastMCP 2.13.0之前版本存在操作系统命令注入漏洞,该漏洞源于server_name字段容易受到命令注入攻击,可能导致在Windows主机上执行任意OS命令。
CVSS Information
N/A
Vulnerability Type
N/A