Количество 2
Количество 2
CVE-2025-54994
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. Version 0.0.13 contains a fix for the issue.
GHSA-3ch2-jxxc-v4xf
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-54994 @akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. Version 0.0.13 contains a fix for the issue. | 0% Низкий | 5 месяцев назад | |
| GHSA-3ch2-jxxc-v4xf @akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу