@sunwood-ai-labs/github-kanban-mcp-server@0.3.0 vulnerabilities

A Model Context Protocol server for managing GitHub issues as Kanban using gh CLI

Direct Vulnerabilities

Known vulnerabilities in the @sunwood-ai-labs/github-kanban-mcp-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • C
Command Injection

@sunwood-ai-labs/github-kanban-mcp-server is a Model Context Protocol server for managing GitHub issues as Kanban using the gh CLI.

Affected versions of this package are vulnerable to Command Injection via the add_comment function in the comment-handlers.ts file, which uses the Node.js child process API exec to execute system commands with untrusted user input. An attacker can execute arbitrary system commands by supplying crafted input that is concatenated into the command line.
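The concatenation pattern described above, next to a shell-free form, as an added example (not code from comment-handlers.ts or from the project). The function names, the repo/issue/body parameters and the sample body are assumptions made for illustration; `gh issue comment` with `--repo` and `--body-file -` is the gh CLI's own syntax.

```javascript
// Added illustration; function and parameter names are hypothetical,
// not taken from comment-handlers.ts.

// Vulnerable pattern: the command line is built by string concatenation and
// would be handed to child_process.exec, which runs it through a shell.
function buildShellCommand(issueNumber, body) {
  return `gh issue comment ${issueNumber} --body "${body}"`;
}

// Hardened pattern: validate each field, then build an argv array for
// child_process.execFile, which starts gh directly without a shell.
function buildArgv(repo, issueNumber, body) {
  if (!/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(repo)) {
    throw new TypeError("repo must look like owner/name");
  }
  const n = Number(issueNumber);
  if (!Number.isSafeInteger(n) || n <= 0) {
    throw new TypeError("issue number must be a positive integer");
  }
  if (typeof body !== "string" || body.length === 0) {
    throw new TypeError("body must be a non-empty string");
  }
  // The body travels on stdin (--body-file -), so it is never parsed as a
  // command-line flag and never touches a shell.
  const args = ["issue", "comment", String(n), "--repo", repo, "--body-file", "-"];
  return { file: "gh", args, stdin: body };
}

// Runs gh with the validated argv; requires gh to be installed and logged in.
async function addCommentSafely(repo, issueNumber, body) {
  const { execFile } = await import("node:child_process");
  const { file, args, stdin } = buildArgv(repo, issueNumber, body);
  return new Promise((resolve, reject) => {
    const child = execFile(file, args, { shell: false }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
    child.stdin.end(stdin);
  });
}

// Constructed sample input containing shell metacharacters.
const SAMPLE_BODY = 'thanks"; echo INJECTED; "';
```

With `SAMPLE_BODY`, `buildShellCommand` yields a string in which the closing quote ends the `--body` argument and the shell sees a second command, while `buildArgv` keeps the same text as opaque data on stdin.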

How to fix Command Injection?

There is no fixed version for @sunwood-ai-labs/github-kanban-mcp-server.

Vulnerable versions: >=0.0.0