| शीर्षक | GitHub AiondaDotCom/mcp-ssh <=v1.0.3 Command Injection |
|---|
| विवरण | AiondaDotCom/mcp-ssh is a MCP (Model Context Protocol) server that provides LLMs with access to functionalities of ssh clients that can interact with remote ssh servers such as sending commands or copy files. Command injection vulnerabilities exist in the tools. The issue arises from improper handling of user-supplied input passed to `child_process.exec` when constructing the SSH client command. While the implementation attempted to sanitize double quotes, this can be bypassed using command substitution constructs such as `$(...)`, allowing attackers to inject arbitrary system commands. |
|---|
| स्रोत | ⚠️ https://github.com/AiondaDotCom/mcp-ssh/commit/cd2566a948b696501abfa6c6b03462cac5fb43d8 |
|---|
| उपयोगकर्ता | amgisn (UID 89170) |
|---|
| सबमिशन | 18/08/2025 10:18 PM (8 महीनों पहले) |
|---|
| संयम | 29/08/2025 08:59 AM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 321862 [AiondaDotCom mcp-ssh तक 1.0.3 server-simple.mjs अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|