| タイトル | MoussaabBadla code-screenshot-mcp 0.1.0 Command Injection |
|---|
| 説明 | A command injection vulnerability (CWE-78) has been identified in code-screenshot-mcp, specifically within the generator.ts component. An attacker with network access to the MCP/HTTP interface can supply maliciously crafted input through request parameters that flow unsanitized into OS command execution via execAsync calls. This allows arbitrary system commands to be executed with the privileges of the server process, leading to full host compromise, including data exposure, integrity loss, and potential service disruption. Versions up to and including 0.1.0 are confirmed affected. |
|---|
| ソース | ⚠️ https://github.com/wing3e/public_exp/issues/23 |
|---|
| ユーザー | BruceJin (UID 96538) |
|---|
| 送信 | 2026年03月18日 04:03 (1 月 ago) |
|---|
| モデレーション | 2026年04月04日 08:24 (17 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355281 [MoussaabBadla code-screenshot-mcp 迄 0.1.0 HTTP Interface 特権昇格] |
|---|
| ポイント | 20 |
|---|