This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Cherry Studio v1.5.1 suffers from **OS Command Injection** (CWE-78).β¦
π‘οΈ **Root Cause**: **Improper Neutralization of Special Elements** (CWE-78). The application fails to sanitize URLs when establishing the **streamableHttp MCP server connection**.β¦
π₯ **Affected**: Users of **Cherry Studio version 1.5.1**. π’ **Vendor**: CherryHQ (Cherry Studio). π¦ **Component**: The streamableHttp MCP server connection module.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: **High** (CVSS A:H). Attackers gain the ability to execute arbitrary commands. π **Data**: **High** (CVSS C:H/I:H).β¦
β οΈ **Threshold**: **Low** (CVSS AC:L). However, it requires **User Interaction** (UI:R). π±οΈ The victim must likely initiate or approve the MCP server connection with a malicious URL.β¦
π« **Public Exploit**: **No**. The `pocs` field is empty. π **Advisory**: A GitHub Security Advisory (GHSA-gjp6-9cvg-8w93) exists, but no public Proof-of-Concept (PoC) or wild exploitation code is currently available.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Verify if you are running **Cherry Studio v1.5.1**. π Check for any custom or third-party MCP server configurations using the `streamableHttp` protocol.β¦
π‘οΈ **Official Fix**: **Yes**. The vendor has published a security advisory on GitHub. π **Action**: Update to the patched version immediately. Refer to the GHSA link for specific patch details.
Q9What if no patch? (Workaround)
π§ **Workaround**: If patching is delayed, **disable** or **restrict** the use of the `streamableHttp` MCP server connection. π« Do not input URLs from untrusted sources into the connection field.β¦
π₯ **Urgency**: **HIGH**. CVSS Score is **Critical** (9.8 implied by H/H/H). π¨ Even though User Interaction is required, the impact is severe (RCE). πββοΈ **Priority**: Patch immediately upon release. Monitor for updates.