漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability
Vulnerability Description
gemini-mcp-tool execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of gemini-mcp-tool. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the execAsync method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27783.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Google Gemini MCP Tool 操作系统命令注入漏洞
Vulnerability Description
Google Gemini MCP Tool是美国谷歌(Google)公司的一个基于大模型上下文协议的工具组件。 Google Gemini MCP Tool 存在操作系统命令注入漏洞,该漏洞源于execAsync方法未验证用户输入即执行系统调用,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A