baryhuang mcp-server-aws-resources-python Code Injection Vulnerability Allowing Remote Code Execution

A code injection vulnerability has been identified in baryhuang/mcp-server-aws-resources-python version 0.1.0. This vulnerability allows remote code execution due to inadequate input validation in the execute_query method. The issue arises from the exposure of potentially harmful Python built-in functions, such as __import__, getattr, and hasattr, in the execution namespace. This exposure enables attackers to execute arbitrary Python code by crafting malicious queries. Exploitation of this vulnerability could lead to the theft of AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY), unauthorized access to sensitive AWS resources, file system access, disclosure of environment variables, and potential system compromise.

Impact

Exploitation of this vulnerability allows for arbitrary code execution, with a high risk of AWS credential theft and unauthorized access to AWS resources. Additionally, it could lead to a complete system compromise.

Reproduction

The vulnerability can be reproduced by sending a crafted query that exploits the execute_query method. The injected code can use the exposed built-in functions to execute arbitrary commands or access sensitive information, such as AWS credentials or environment variables.

Remediation

To address this vulnerability, remove the exec() function from the execute_query method and replace it with safer alternatives. Additionally, eliminate the exposure of dangerous built-in functions from the execution namespace. Implement a whitelist for function calls to restrict execution to safe, predefined functions.