Количество 2
Количество 2
CVE-2025-66401
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.
GHSA-27m7-ffhq-jqrm
MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-66401 MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL. | CVSS3: 9.8 | 1% Низкий | 2 месяца назад |
| GHSA-27m7-ffhq-jqrm MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL | CVSS3: 9.8 | 1% Низкий | 2 месяца назад |
Уязвимостей на страницу