Submeter #770421: hypermodel-labs mcp-server-auto-commit <=0.0.1 Command Injectioninformação

Títulohypermodel-labs mcp-server-auto-commit <=0.0.1 Command Injection
DescriçãoA command injection vulnerability exists in mcp-server-auto-commit due to unsafe use of child_process.exec when constructing a cd command with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process.
Fonte⚠️ https://github.com/hypermodel-labs/mcp-server-auto-commit/issues/7
Utilizador
 Yinci Chen (UID 94659)
Submissão03/03/2026 03h53 (há 2 meses)
Moderação15/03/2026 09h29 (12 days later)
EstadoAceite
Entrada VulDB351110 [hypermodel-labs mcp-server-auto-commit 1.0.0 index.ts getGitChanges Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!