line-desktop-mcp@1.0.17

MCP Server for LINE Desktop Automation via GUI scripting

  • latest version

    1.1.2

  • latest non vulnerable version

  • first published

    9 months ago

  • latest version published

    1 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the line-desktop-mcp package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Authorization

    line-desktop-mcp is a MCP Server for LINE Desktop Automation via GUI scripting

    Affected versions of this package are vulnerable to Missing Authorization in the --http-mode process. An attacker can access and control LINE Desktop read and send tools by sending requests to the /mcp endpoint without authentication, allowing them to read chat history and send messages as the logged-in user if the HTTP port is reachable from the network. This is only exploitable if the server is started with --http-mode and is bound to a network-accessible interface.

    How to fix Missing Authorization?

    Upgrade line-desktop-mcp to version 1.1.2 or higher.

    <1.1.2