提交 #795502: Divyanshu-hash GitPilot-MCP 9ed9f153ba4158a2ad230ee4871b25130da29ffd Command Injection信息

标题Divyanshu-hash GitPilot-MCP 9ed9f153ba4158a2ad230ee4871b25130da29ffd Command Injection
描述The run_tests tool accepts an attacker-controlled command argument and executes it with shell=True. Because the parameter is not validated or restricted to known test runners, a malicious caller can inject arbitrary shell commands. run_tests(repo_path, command) directly exposes command to callers. subprocess.run(command, shell=True, cwd=repo_path, ...) executes the string through a shell. No command allowlist or escaping is applied.
来源⚠️ https://github.com/wing3e/public_exp/issues/38
用户
 BigW (UID 96422)
提交2026-04-02 15時16分 (2 月前)
管理2026-04-24 20時56分 (22 days later)
状态已接受
VulDB条目359523 [Divyanshu-hash GitPilot-MCP 直到 9ed9f153ba4158a2ad230ee4871b25130da29ffd main.py repo_path command 权限提升]
积分20

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!