| Название | efforthye fast-filesystem-mcp <= 3.5.1 Command Injection |
|---|
| Описание | A command injection vulnerability exists in efforthye/fast-filesystem-mcp due to unsafe use of child_process.execAsync when constructing shell commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. |
|---|
| Источник | ⚠️ https://github.com/efforthye/fast-filesystem-mcp/issues/15 |
|---|
| Пользователь | Yinci Chen (UID 94659) |
|---|
| Представление | 16.03.2026 12:39 (22 дни назад) |
|---|
| Модерация | 01.04.2026 15:27 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354658 [efforthye fast-filesystem-mcp до 3.5.1 src/index.ts handleGetDiskUsage эскалация привилегий] |
|---|
| Баллы | 18 |
|---|