Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blinko: Admin RCE - MCP Server Command Injection
Vulnerability Description
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the MCP (Model Context Protocol) server creation function allows specifying arbitrary commands and arguments, which are executed when testing the connection. This issue has been patched in version 1.8.4.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Blinko 操作系统命令注入漏洞
Vulnerability Description
Blinko是Blinko开源的一款基于人工智能的卡片式笔记应用,专为想要快速捕捉和整理转瞬即逝的灵感的用户而设计。 Blinko 1.8.4之前版本存在操作系统命令注入漏洞,该漏洞源于MCP服务器创建函数允许指定任意命令和参数,这些命令和参数在测试连接时被执行。
CVSS Information
N/A
Vulnerability Type
N/A