Описание
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:librechat:librechat:0.8.2:rc1:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
9.1 Critical
CVSS3
9.9 Critical
CVSS3
Дефекты
CWE-285
EPSS
Процентиль: 13%
0.00042
Низкий
9.1 Critical
CVSS3
9.9 Critical
CVSS3
Дефекты
CWE-285