Awesome Cursor Mpc Server
Monthly
Command injection in awesome-cursor-mpc-server up to version 2.0.1 allows authenticated remote attackers to execute arbitrary system commands via the Code-Review Tool's runCodeReviewTool function in src/tools/codeReview.ts. The vulnerability stems from unsafe use of execSync with user-controlled input in git command construction. Publicly available exploit code exists, and a patch via PR #14 is available from the vendor, though formal release status is not confirmed.
Command injection in awesome-cursor-mpc-server up to version 2.0.1 allows authenticated remote attackers to execute arbitrary system commands via the Code-Review Tool's runCodeReviewTool function in src/tools/codeReview.ts. The vulnerability stems from unsafe use of execSync with user-controlled input in git command construction. Publicly available exploit code exists, and a patch via PR #14 is available from the vendor, though formal release status is not confirmed.