Soumettre #770424: bazinga012 mcp_code_executor <=0.3.0 Command Injectioninformation

Titrebazinga012 mcp_code_executor <=0.3.0 Command Injection
DescriptionA command injection vulnerability exists in mcp_code_executor due to unsafe use of child_process.exec when constructing Python execution and package installation commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
La source⚠️ https://github.com/bazinga012/mcp_code_executor/issues/17
Utilisateur
 Yinci Chen (UID 94659)
Soumission03/03/2026 03:56 (il y a 2 mois)
Modérer15/03/2026 09:32 (12 days later)
StatutAccepté
Entrée VulDB351111 [bazinga012 mcp_code_executor jusqu’à 0.3.0 src/index.ts installDependencies élévation de privilèges]
Points19

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!