漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mobile Next has Arbitrary Android Intent Execution via mobile_open_url
Vulnerability Description
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD codes, phone calls, SMS messages, and content provider access. This vulnerability is fixed in 0.0.50.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Vulnerability Type
自定义URL方案处理程序中的授权不正确
Vulnerability Title
Mobile Next 安全漏洞
Vulnerability Description
Mobile Next是Mobile Next开源的一个移动应用自动化开发与测试工具。 Mobile Next 0.0.50之前版本存在安全漏洞,该漏洞源于mobile_open_url工具未验证用户提供的URL方案,可能导致执行任意Android意图。
CVSS Information
N/A
Vulnerability Type
N/A