node-code-sandbox-mcp Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability allowing remote code execution has been identified in node-code-sandbox-mcp versions through 1.2.0. The issue arises from the unsanitized use of input parameters in a call to child_process.execSync, which enables attackers to inject arbitrary system commands. Exploitation of this vulnerability bypasses the sandbox protection of running code inside Docker containers, executing commands instead on the host machine under the server process's privileges.
Impact
Exploitation of this vulnerability leads to command injection, allowing for arbitrary commands to be executed on the host machine. This results in remote code execution under the privileges of the server process, effectively escaping the Docker sandbox where the code is supposed to be isolated.
Reproduction
The vulnerability can be reproduced by injecting commands through the MCP server's tools that execute JavaScript in a Docker container. Using indirect prompt injection, it is possible to craft a request that includes malicious commands, which are then executed on the host machine instead of inside the container. This can be done by creating a file with specific content that, when processed by the MCP server, triggers the command injection.
Remediation
Users are advised to update to node-code-sandbox-mcp version 1.3.0 or later, where this vulnerability has been fixed.
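The following is an added example, not code from node-code-sandbox-mcp or from this advisory, contrasting the execSync string-interpolation pattern described under Vulnerability with a hardened form. The function names, the container-ID allow-list and the sample input are assumptions made for illustration; a Node one-liner stands in for the external CLI, and a POSIX /bin/sh is assumed.

```javascript
// Added illustration of the bug class; not node-code-sandbox-mcp source.
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for an external CLI such as docker: a Node one-liner that
// prints the arguments it received as a JSON array.
const ARGV_DUMP = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Assumed allow-list for an identifier parameter (hex container ID).
const CONTAINER_ID = /^[a-f0-9]{12,64}$/;

// VULNERABLE pattern: the parameter is interpolated into a string that
// /bin/sh parses, so shell metacharacters in it become shell syntax.
function unsafeExec(containerId) {
  const out = execSync(`echo exec ${containerId}`, { encoding: 'utf8' });
  return out.trim().split('\n');
}

// No shell: execFileSync spawns the binary directly and every array
// element reaches the child as exactly one argv entry.
function argvSeenByChild(args) {
  const out = execFileSync(process.execPath, ['-e', ARGV_DUMP, ...args],
    { encoding: 'utf8' });
  return JSON.parse(out);
}

// HARDENED pattern: validate against the allow-list, then use argv.
function safeExec(containerId) {
  if (typeof containerId !== 'string' || !CONTAINER_ID.test(containerId)) {
    throw new TypeError('invalid container id');
  }
  return argvSeenByChild(['exec', containerId]);
}

// Constructed sample input with a benign marker command appended.
const hostile = 'abc123; echo RAN_ON_HOST';

console.log('shell string:', unsafeExec(hostile));
console.log('argv array  :', argvSeenByChild(['exec', hostile]));
try {
  safeExec(hostile);
} catch (err) {
  console.log('validated   :', err.message);
}
```

The shell-string call returns two output lines because the shell ran a second command, while the argv form delivers the same text to the child as one literal argument and the validated form rejects it outright.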
