Product
PolarVista xcode-mcp-server 1.0.0 is vulnerable to remote OS command injection via manipulation of the Request argument in the `build_project/run_tests` function, allowing attackers to execute arbitrary commands on the server.