wonderwhy-er DesktopCommanderMCP Command Injection Vulnerability in Absolute Path Handler

Vulnerability

A critical OS command injection vulnerability has been identified in wonderwhy-er DesktopCommanderMCP versions through 0.2.13. The issue arises in the 'extractBaseCommand' function within 'src/command-manager.ts', where the application fails to properly normalize command paths. This oversight allows users to bypass the command blocklist by specifying absolute paths to blocked commands, leading to arbitrary command execution. The vulnerability can be exploited remotely, and its impact varies based on the privileges of the user running the server.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, bypassing established command restrictions. This could lead to unauthorized actions being performed, depending on the privileges of the user executing the commands.

Reproduction

To reproduce this vulnerability, set up DesktopCommanderMCP with an MCP Client. Identify the absolute path of a blocked command, such as 'iptables', and send a request through Desktop Commander that includes the absolute path of the blocked command. The command execution should be allowed, demonstrating the bypass of the blocklist.

Remediation

It is recommended to modify the 'extractBaseCommand' function to normalize command inputs by extracting only the base name of the path, using Node.js's 'path.basename()' function before processing the command.
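The following is an added illustration, not code from the DesktopCommanderMCP project: a minimal reconstruction of the two behaviours described above, with a constructed blocklist and an assumed hardened variant that applies path.basename() before the lookup.

```typescript
import * as path from "node:path";

// Constructed blocklist for this example; the project's real list is not reproduced here.
const BLOCKED_COMMANDS = new Set(["iptables", "mkfs", "shutdown"]);

// Vulnerable pattern as described in the advisory: the first whitespace-separated
// token is taken as the base command without normalizing the path, so an input of
// "/usr/sbin/iptables -L" yields "/usr/sbin/iptables", which never matches the
// blocklist entry "iptables".
function extractBaseCommandVulnerable(command: string): string {
  return command.trim().split(/\s+/)[0] ?? "";
}

// Hardened variant (assumed implementation of the page's remediation): strip the
// directory portion with path.basename() so absolute or relative paths collapse to
// the bare command name before the blocklist lookup. path.basename() follows the
// host platform's separator rules, so a deployment that must also reject
// Windows-style paths on a POSIX host would need path.win32.basename() as well.
function extractBaseCommandHardened(command: string): string {
  const first = command.trim().split(/\s+/)[0] ?? "";
  return path.basename(first);
}

// Blocklist check parameterized on the extractor, so both behaviours can be compared.
function isBlocked(command: string, extract: (c: string) => string): boolean {
  return BLOCKED_COMMANDS.has(extract(command));
}

// Stand-alone demonstration of the bypass and of the fix.
const probe = "/usr/sbin/iptables -L";
console.log("vulnerable blocks it:", isBlocked(probe, extractBaseCommandVulnerable)); // false
console.log("hardened blocks it: ", isBlocked(probe, extractBaseCommandHardened));   // true
```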

Added: Oct 8, 2025, 7:19 PM
Updated: Oct 8, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.