إرسال #789810: awwaiid mcp-server-taskwarrior <=1.0.1 Command Injectionالمعلومات

عنوانawwaiid mcp-server-taskwarrior <=1.0.1 Command Injection
الوصفA command injection vulnerability exists in awwaiid/mcp-server-taskwarrior due to unsafe use of child_process.execSync when constructing TaskWarrior CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
المصدر⚠️ https://github.com/awwaiid/mcp-server-taskwarrior/issues/8
المستخدم
 Yinci Chen (UID 94659)
ارسال26/03/2026 07:45 AM (29 أيام منذ)
الاعتدال08/04/2026 07:15 PM (13 days later)
الحالةتمت الموافقة
إدخال VulDB356289 [awwaiid mcp-server-taskwarrior حتى 1.0.1 index.ts server.setRequestHandler المعرف تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!