Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zed does not show Parameter Values for MCP Tool Calls. Users cannot detect tool poisoning.
Vulnerability Description
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does not show after the tool was being invoked, which parameters were used. Thus, maybe unwanted or even malicious values could be used without the user having a chance to notice it. Patched in Zed Editor 0.219.4 which includes expandable tool call details.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
产品UI接口未警示用户不安全动作
Vulnerability Title
Zed 安全漏洞
Vulnerability Description
Zed是Zed Industries开源的一个代码编辑器。 Zed 0.219.4之前版本存在安全漏洞,该漏洞源于工具调用参数显示不足,可能导致恶意值被使用而用户无法察觉。
CVSS Information
N/A
Vulnerability Type
N/A