Blackbird_Bb

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read resource of the file src/mysql mcp server/server.py of the component mysql URI Handler. This manipulation of the argument uri str causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.3.0 is sufficient to resolve this issue. Patch name: 080bef9a96d625ce0dfbde573a08b93497871981. Upgrading the affected component is advised.

**Name of the Vulnerable Software and Affected Versions** tufantunc ssh-mcp versions prior to 1.5.1 **Description** A weakness in the Command Line Handler component, specifically within the `src/index.ts` file, leads to insufficiently protected credentials. This issue requires local execution to be exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tufantunc ssh-mcp versions prior to 1.5.1 **Description** Command injection can occur via the `shell.write()` function located in the `src/index.ts` file. This issue arises from the manipulation of the `Description` argument and requires the attack to be performed locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `shell.write()` function to minimize the risk of exploitation.