Vulnerability Information
Vulnerability Title
sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
Vulnerability Description
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
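The pattern the description names, shown as an added example (this is not code from sf-mcp-server): a command string handed to a shell, beside the argument-array form that starts the process without one. The Node binary stands in for the Salesforce CLI; the function names, the `data query --query … --json` argument layout, the sample input and a POSIX shell are assumptions.

```javascript
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the CLI binary (assumption): Node itself, printing the argv it receives.
const CLI = process.execPath;
const PRINT_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Constructed sample input: a quote closes the intended argument, and the shell
// then treats the remainder as a second command.
const SAMPLE_INPUT = 'SELECT Id FROM Account"; echo INJECTED #';

// Unsafe pattern: user input is interpolated into one string that a shell parses.
function runQueryUnsafe(soql) {
  const cmd = `"${CLI}" -e '${PRINT_ARGV}' -- data query --query "${soql}" --json`;
  return execSync(cmd, { encoding: 'utf8' });
}

// Hardened pattern: no shell; each argument is passed to the process as-is.
function runQuerySafe(soql) {
  if (typeof soql !== 'string' || soql.length === 0 || soql.length > 4000 ||
      /[\0\r\n]/.test(soql)) {
    throw new TypeError('query must be a single-line string of 1-4000 characters');
  }
  const args = ['-e', PRINT_ARGV, '--', 'data', 'query', '--query', soql, '--json'];
  return execFileSync(CLI, args, { encoding: 'utf8', timeout: 10000 });
}

// Returns the output lines of both variants for the same input.
function compare(input) {
  const lines = (out) => out.trim().split('\n');
  return { unsafe: lines(runQueryUnsafe(input)), safe: lines(runQuerySafe(input)) };
}

console.log(compare(SAMPLE_INPUT));
```

In the hardened form the whole input arrives as one `--query` value, so shell metacharacters carry no meaning; the value still needs validating because the CLI itself interprets it.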
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
sf-mcp-server OS command injection vulnerability
Vulnerability Description
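sf-mcp-server is a context protocol server by the individual developer Anton Kutishevsky. sf-mcp-server contains an OS command injection vulnerability that stems from unsafe handling of user input when using child_process.exec, which can lead to command injection attacks.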
CVSS Information
N/A
Vulnerability Type
N/A