AiondaDotCom mcp-ssh Command Injection Vulnerability in Versions Prior to 1.0.4

Vulnerability

A command injection vulnerability has been identified in AiondaDotCom mcp-ssh versions prior to 1.0.4. The issue resides in the file server-simple.mjs, where user-supplied input is improperly handled when constructing SSH commands. This flaw allows remote attackers to inject arbitrary commands, potentially leading to unauthorized command execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where the affected version of mcp-ssh is running.

Reproduction

The vulnerability can be reproduced by sending crafted input that includes shell metacharacters, such as command substitution constructs, to the SSH command execution functions in the mcp-ssh server. This input manipulation bypasses the application's input sanitization and is executed as a system command, demonstrating the command injection flaw.
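As an added illustration, not code from mcp-ssh's own server-simple.mjs (the function names, option set and regular expressions below are assumptions): the pattern behind this class of flaw, a shell command string assembled from caller-controlled fields, beside a builder that returns an argv array for Node's spawn('ssh', argv) so that no local shell ever parses the input.

```javascript
// Added illustration of the flaw class, not mcp-ssh's own code.

// Vulnerable pattern (kept only for contrast): interpolating caller input into
// one string that a shell later parses. Shell metacharacters in any field are
// interpreted locally before ssh ever runs.
function buildSshCommandStringUnsafe(host, user, remoteCommand) {
  return `ssh ${user}@${host} ${remoteCommand}`;
}

// Allow-lists (assumed here): hostname or IPv4 literal, and a POSIX-style login.
// IPv6 literals are out of scope for this illustration.
const HOST_RE = /^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$/;
const USER_RE = /^[a-z_][a-z0-9_-]{0,31}$/;

// Hardened builder: validates every field, then returns an argv array meant for
// spawn('ssh', argv, { shell: false }) from 'node:child_process'. Each element
// reaches ssh unchanged, so nothing is shell-parsed on the local side.
function buildSshArgv({ host, user, port = 22, remoteCommand }) {
  if (typeof host !== 'string' || !HOST_RE.test(host)) {
    throw new Error('invalid host');
  }
  if (typeof user !== 'string' || !USER_RE.test(user)) {
    throw new Error('invalid user');
  }
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('invalid port');
  }
  if (typeof remoteCommand !== 'string' || remoteCommand.length === 0) {
    throw new Error('empty remote command');
  }
  // Fixed options first, then "--" so no value can be read as an ssh flag
  // (a host beginning with "-" is already rejected above, "--" is defence in
  // depth), then the destination, then the remote command as ONE element: the
  // remote shell receives it verbatim and the local shell never sees it.
  return ['-p', String(port), '-o', 'BatchMode=yes', '--', `${user}@${host}`, remoteCommand];
}
```

The unsafe builder is never executed here; it exists only to show where the advisory's string construction goes wrong compared with the argv form.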

Remediation

Users are advised to upgrade to AiondaDotCom mcp-ssh version 1.0.4 or 1.1.0, both of which include the necessary fix for this vulnerability.

Added: Aug 29, 2025, 3:18 PM
Updated: Aug 29, 2025, 4:41 PM

Vulnerability Rating (Custom Algorithm)

  Category         Score
  spread            0.0
  impact           10.0
  exploitability    6.6
  remediation       7.7
  relevance         0.4
  threat            6.4
  urgency           2.9
  incentive         1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.