William31212

#17801 of 53,633
15.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2025-37488 · CVSS 5.3 · 2025-09-15
Feiskyer · Mcp-Server-Kubernetes · CVE-2025-59376

**Name of the Vulnerable Software and Affected Versions** feiskyer mcp-kubernetes-server versions through 0.1.11

**Description** The software does not properly handle chained commands when using the `--disable-write` and `--disable-delete` options. Specifically, it allows commands containing chained operations (e.g., `kubectl version; kubectl delete pod`) because it only checks the first word of the command to determine if it is a write or delete operation.

**Recommendations** Update to a version beyond 0.1.11.

PT-2025-37489 · CVSS 9.8 · 2025-09-15
Feiskyer · Mcp-Server-Kubernetes · CVE-2025-59377

**Name of the Vulnerable Software and Affected Versions** feiskyer mcp-kubernetes-server versions through 0.1.11

**Description** feiskyer mcp-kubernetes-server is susceptible to an OS command injection issue. This occurs through the `/mcp/kubectl` API endpoint, even when the system is in read-only mode, due to the use of `shell=True`.

**Recommendations** Update feiskyer mcp-kubernetes-server to a version beyond 0.1.11.
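
An added example (not code from the mcp-kubernetes-server project) covering both entries above: a first-word check that accepts the chained command quoted in the first description, beside a stricter parser that returns an argv list meant for execution without a shell. The verb lists, function names and metacharacter set are assumptions made for illustration.

```python
import shlex

# Assumed verb lists for illustration; the project's real lists are not on the page.
BLOCKED_VERBS = {"delete", "apply", "create", "patch", "edit", "scale", "replace"}
READ_ONLY_VERBS = {"get", "describe", "logs", "version", "top", "explain"}
SHELL_METACHARS = set(";|&`$<>(){}\\\n\r")


def first_word_check(command: str) -> bool:
    """Flawed pattern: classify the whole string by its first verb only."""
    words = command.split()
    if words and words[0] == "kubectl":
        words = words[1:]
    # "version;" is not a blocked verb, so everything after it goes unexamined.
    return bool(words) and words[0] not in BLOCKED_VERBS


def parse_read_only(command: str) -> list[str]:
    """Return an argv list suitable for subprocess.run(argv, shell=False).

    Raises ValueError for anything that is not a single read-only kubectl call.
    """
    bad = SHELL_METACHARS.intersection(command)
    if bad:
        raise ValueError(f"shell metacharacters not allowed: {sorted(bad)}")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise ValueError(f"unparseable command: {exc}") from exc
    if len(argv) < 2 or argv[0] != "kubectl":
        raise ValueError("only kubectl commands are accepted")
    # Allowlist rather than blocklist: unknown verbs are refused by default.
    if argv[1] not in READ_ONLY_VERBS:
        raise ValueError(f"verb {argv[1]!r} is not allowed in read-only mode")
    return argv


def is_allowed(command: str) -> bool:
    """Boolean wrapper around parse_read_only for use in request handlers."""
    try:
        parse_read_only(command)
        return True
    except ValueError:
        return False
```

Passing the returned list to `subprocess.run` with `shell=False` means no shell ever interprets the string, so the metacharacter rejection is defence in depth rather than the only barrier. The parser is deliberately strict and also refuses legitimate inputs such as `-o jsonpath='{...}'` or global flags placed before the verb.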