漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AWS API MCP File Access Restriction Bypass
Vulnerability Description
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
对候选路径的不恰当保护
Vulnerability Title
Amazon Web Services API MCP Server 安全漏洞
Vulnerability Description
Amazon Web Services API MCP Server是Amazon Web Services开源的一个大模型上下文服务器。 Amazon Web Services API MCP Server 0.2.14至1.3.9之前版本存在安全漏洞,该漏洞源于对备用路径的保护不当,可能导致绕过预期的文件访问限制,并在MCP客户端应用环境中暴露任意本地文件内容。
CVSS Information
N/A
Vulnerability Type
N/A