FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fixed in 2.13.0.
oryginał ENCVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XJlowin Fastmcp
APPJlowin< 2.13.0
Powiązane podatności
FastMCP: path traversal i SSRF przez niekodowane parametry ścieżki URL
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the Git...
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not ...
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containi...
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cro...