Enviar #770616: AvinashBole quip-mcp-server <=0.1.0 Command Injectioninformación

Título	AvinashBole quip-mcp-server <=0.1.0 Command Injection
Descripción	A command injection vulnerability exists in quip-mcp-server due to unsafe use of child_process.exec when constructing Python script commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
Fuente	⚠️ https://github.com/AvinashBole/quip-mcp-server/issues/4
Usuario	Yinci Chen (UID 94659)
Sumisión	2026-03-03 14:23 (hace 2 meses)
Moderación	2026-03-14 23:50 (11 days later)
Estado	Aceptado
Entrada de VulDB	351099 [AvinashBole quip-mcp-server 1.0.0 src/index.ts setupToolHandlers escalada de privilegios]
Puntos	18

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!