CNNVD-202507-1921 Information
CNNVD ID
CNNVD-202507-1921
Related CVE
- CNNVD Published: 2025-07-14
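Description (translated from Chinese)
GitHub Kanban MCP Server is an application by the individual developer Maki. GitHub Kanban MCP Server version 0.4.0 has an operating system command injection vulnerability, which stems from command injection in the add_comment tool.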
Description (English)
GitHub Kanban MCP Server is an application by the individual developer Maki. Version 0.4.0 of GitHub Kanban MCP Server contains an OS command injection vulnerability, which arises from command injection in the add_comment tool.
Hazard Level
Low
Vulnerability Type
OS command injection
Affected Vendor
Live Support
Published
2025-07-14
Last Modified
2026-02-24
References
https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/comment-handlers.ts#L8
https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/v0.4.0/src/handlers/comment-handlers.ts#L8-L23
https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/tool-handlers.ts#L79
https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/security/advisories/GHSA-6jx8-rcjx-vmwf
https://access.redhat.com/security/cve/cve-2025-53818