CVE-2025-54073 (CNNVD-202507-2446)

HIGH
中文标题:
mcp-package-docs 命令注入漏洞
英文标题:
mcp-package-docs vulnerable to command injection in several tools
CVSS分数: 7.5
发布时间: 2025-07-18 15:45:09
漏洞类型: 命令注入
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

mcp-package-docs是Sam个人开发者的一个MCP服务器,为LLM提供跨多种编程语言对包文档的高效访问。 mcp-package-docs存在命令注入漏洞,该漏洞源于未清理输入参数,可能导致命令注入攻击。

英文描述:

mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) capabilities. A command injection vulnerability exists in the `mcp-package-docs` MCP Server prior to the fix in commit cb4ad49615275379fd6f2f1cf1ec4731eec56eb9. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.exec`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (`|`, `>`, `&&`, etc.). Commit cb4ad49615275379fd6f2f1cf1ec4731eec56eb9 in version 0.1.27 contains a fix for the issue, but upgrading to 0.1.28 is recommended.

CWE类型:
CWE-77
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
sammcj mcp-package-docs < 0.1.27 - - cpe:2.3:a:sammcj:mcp-package-docs:<_0.1.27:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
https://github.com/sammcj/mcp-package-docs/security/advisories/GHSA-vf9j-h32g-2764 x_refsource_CONFIRM
cve.org
访问
https://github.com/sammcj/mcp-package-docs/commit/cb4ad49615275379fd6f2f1cf1ec4731eec56eb9 x_refsource_MISC
cve.org
访问
https://equixly.com/blog/2025/03/29/mcp-server-new-security-nightmare x_refsource_MISC
cve.org
访问
https://github.com/advisories/GHSA-3q26-f695-pp76 x_refsource_MISC
cve.org
访问
https://github.com/advisories/GHSA-5w57-2ccq-8w95 x_refsource_MISC
cve.org
访问
https://github.com/advisories/GHSA-gjv4-ghm7-q58q x_refsource_MISC
cve.org
访问
https://github.com/sammcj/mcp-package-docs/releases/tag/v0.1.27 x_refsource_MISC
cve.org
访问
https://github.com/sammcj/mcp-package-docs/releases/tag/v0.1.28 x_refsource_MISC
cve.org
访问
https://invariantlabs.ai/blog/mcp-github-vulnerability x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (cna)
HIGH
7.5
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2025-07-18 15:45:09
修改时间:
2025-07-22 18:31:13
创建时间:
2025-11-11 15:40:41
更新时间:
2025-11-11 16:00:00
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2025-54073 2025-11-11 15:23:28 2025-11-11 07:40:41
NVD nvd_CVE-2025-54073 2025-11-11 15:00:56 2025-11-11 07:48:29
CNNVD cnnvd_CNNVD-202507-2446 2025-11-11 15:12:51 2025-11-11 08:00:00
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 16:00:00
vulnerability_type: 未提取 → 命令注入; cnnvd_id: 未提取 → CNNVD-202507-2446; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 命令注入
  • cnnvd_id: 未提取 -> CNNVD-202507-2446
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:48:29
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']