Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
Vulnerability Description
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
mcp-docs-rag MCP Server 操作系统命令注入漏洞
Vulnerability Description
mcp-docs-rag MCP Server是Kazuhiro Homma个人开发者的一个基于本地文档的RAG问答服务器。 mcp-docs-rag MCP Server 0.5.0及之前版本存在操作系统命令注入漏洞,该漏洞源于组件add_git_repository/add_text_file中文件src/index.ts的函数cloneRepository存在os命令注入,可能导致本地攻击者执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A