| शीर्षक | Intina47 context-sync 2.0.0 OS Command Injection |
|---|
| विवरण | A command injection vulnerability (CWE-78) has been identified in @context-sync/server, specifically within the git-integration.ts component. An attacker with network access to the MCP/HTTP interface can supply maliciously crafted input through request parameters that flow unsanitized into OS command execution sinks (e.g., git blame). This allows arbitrary system commands to be executed with the privileges of the server process, leading to full host compromise, including data exposure, integrity loss, and potential service disruption. Versions up to and including 2.0.0 are confirmed affected.
|
|---|
| स्रोत | ⚠️ https://github.com/Intina47/context-sync/issues/31 |
|---|
| उपयोगकर्ता | MidA (UID 96794) |
|---|
| सबमिशन | 07/04/2026 10:34 AM (20 दिन पहले) |
|---|
| संयम | 26/04/2026 09:07 AM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359637 [Intina47 context-sync तक 2.0.0 Git Integration src/git-integration.ts अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|