Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Agions taskflow-ai terminal_execute handlers.ts os command injection
Vulnerability Description
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. Upgrading to version 2.1.9 will fix this issue. The patch is named c1550b445b9f24f38c4414e9a545f5f79f23a0fe. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
TaskFlow AI 操作系统命令注入漏洞
Vulnerability Description
TaskFlow AI是Agions个人开发者的一个AI思维流编排与可视化引擎。 TaskFlow AI 2.1.8及之前版本存在操作系统命令注入漏洞,该漏洞源于组件terminal_execute的文件src/mcp/server/handlers.ts中的未知函数存在os命令注入,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A