| Titel | awwaiid mcp-server-taskwarrior <=1.0.1 Command Injection |
|---|
| Beschreibung | A command injection vulnerability exists in awwaiid/mcp-server-taskwarrior due to unsafe use of child_process.execSync when constructing TaskWarrior CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. |
|---|
| Quelle | ⚠️ https://github.com/awwaiid/mcp-server-taskwarrior/issues/8 |
|---|
| Benutzer | Yinci Chen (UID 94659) |
|---|
| Einreichung | 26.03.2026 07:45 (vor 16 Tagen) |
|---|
| Moderieren | 08.04.2026 19:15 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 356289 [awwaiid mcp-server-taskwarrior bis 1.0.1 index.ts server.setRequestHandler Bezeichnung erweiterte Rechte] |
|---|
| Punkte | 19 |
|---|