漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
aws-mcp-server Command Injection Remote Code Execution Vulnerability
Vulnerability Description
aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the allowed commands list. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the MCP server. Was ZDI-CAN-27968.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
aws-mcp-server 操作系统命令注入漏洞
Vulnerability Description
aws-mcp-server是Alexei Ledenev个人开发者的一个一种轻量级服务,使AI助手能够通过模型上下文协议(MCP)执行AWS CLI命令(在安全的容器化环境中)。 aws-mcp-server存在操作系统命令注入漏洞,该漏洞源于对允许的命令列表验证不足,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A