Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
0xKoda WireMCP Tshark CLI index.js server.tool os command injection
Vulnerability Description
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
WireMCP 操作系统命令注入漏洞
Vulnerability Description
WireMCP是Koda个人开发者的一个实时网络流量分析工具。 WireMCP存在操作系统命令注入漏洞,该漏洞源于对组件Tshark CLI Command Handler中文件index.js函数server.tool的错误操作,可能导致os命令注入。
CVSS Information
N/A
Vulnerability Type
N/A