Wonderwhy-er

Desktopcommandermcp

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-11491

Exploit
  • EPSS 0.28%
  • Veröffentlicht 08.10.2025 19:02:05
  • Zuletzt bearbeitet 12.12.2025 18:35:12

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate th...

9.8

CVE-2025-11490

Exploit
  • EPSS 0.29%
  • Veröffentlicht 08.10.2025 18:32:05
  • Zuletzt bearbeitet 12.12.2025 18:45:07

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command ...

7

CVE-2025-11489

Exploit
  • EPSS 0.03%
  • Veröffentlicht 08.10.2025 18:15:34
  • Zuletzt bearbeitet 12.12.2025 18:46:20

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only b...