CNNVD-202507-153 Information
CNNVD ID
CNNVD-202507-153
Related CVE
- CNNVD Published: 2025-07-02
Description (Chinese)
Model Context Protocol Servers是Model Context Protocol开源的一个大模型上下文协议服务器。 Model Context Protocol Servers 0.6.4之前版本和2025.7.01之前版本存在后置链接漏洞,该漏洞源于符号链接可能导致访问意外文件。
Description (English)
Model ContoxProtocol Servers is a large-model context protocol server for the Model ContextProtocol open source. There is a backlink loophole in the previous editions of Model ContexProtocol Servers 0.6.4 and 2025.7.01, which stems from the fact that a symbol link may lead to an unexpected access to a file.
Hazard Level
High
Vulnerability Type
后置链接
Affected Vendor
Model Context Protocol
Published
2025-07-02
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/servers/commit/d00c60df9d74dba8a3bb13113f8904407cda594f https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-q66q-fx2p-7w4m
Patch
https://github.com/modelcontextprotocol/servers/releases
Share on: