Security MCP Server

Overview Schema Related Servers Score Discussions

MIT License

dynamic-code-injection.cs•1.26 kB

// The following code is vulnerable to arbitrary code execution // because it compiles and runs HTTP data. using System.CodeDom.Compiler; public class ExampleController : Controller { public void Run(string message) { const string code = @" using System; public class MyClass { public void MyMethod() { Console.WriteLine(""" + message + @"""); } } "; var provider = CodeDomProvider.CreateProvider("CSharp"); var compilerParameters = new CompilerParameters { ReferencedAssemblies = { "System.dll", "System.Runtime.dll" } }; var compilerResults = provider.CompileAssemblyFromSource(compilerParameters, code); object myInstance = compilerResults.CompiledAssembly.CreateInstance("MyClass"); myInstance.GetType().GetMethod("MyMethod").Invoke(myInstance, new object[0]); } } // OWASP Top 10 2021 Category A3 - Injection // OWASP Top 10 2017 Category A1 - Injection // MITRE, CWE-20 - Improper Input Validation // MITRE, CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') // SANS Top 25 - Risky Resource Management

Latest Blog Posts

OpenTelemetry for Model Context Protocol (MCP) Analytics and Agent Observability
By Om-Shree-0709 on .
observability
mcp
opentelemetry
Securing Enterprise AI Agents with Unique Identities in the Model Context Protocol (MCP)
By Om-Shree-0709 on .
When Your Year of Work Gets Copied Overnight: What Actually Matters?
By punkpeye on .
startups

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/michoo/security_mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server