BurtTheCoder mcp-maigret Command Injection Vulnerability in Username Search Component
Vulnerability
A command injection vulnerability has been identified in BurtTheCoder mcp-maigret versions through 1.0.12. The issue resides in the username search functionality, specifically within the file src/index.ts. The vulnerability allows for remote exploitation by manipulating the 'username' parameter, which is not properly validated before being used in command execution.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server where mcp-maigret is running.
Reproduction
To reproduce this vulnerability, send a request to the mcp-maigret server's 'search_username' tool with a crafted 'username' parameter. The input should include characters that can be interpreted as command instructions. The server's response will indicate whether the command injection was successful.
Remediation
Upgrade to mcp-maigret version 1.0.13, which addresses the vulnerability by replacing the 'exec' function with 'execFile' to prevent shell command injection. The update also includes improved input validation for usernames, URLs, and tags. Version 1.0.13 is available on the project's GitHub releases page.
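The remediation pattern described above, as an added example that is not mcp-maigret's own code: the `maigret` program name, the function names and the username allow-list are assumptions. The validator also rejects a leading `-`, because `execFile` removes shell parsing but does not stop a value from being read as a command-line option.

```javascript
// Added example; hypothetical names, not taken from mcp-maigret's src/index.ts.

// Assumed allow-list: 1-64 chars of letters, digits, ".", "_", "-".
// The first character may not be "-", so the value can never be read as an option.
const USERNAME_RE = /^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,63}$/;

function validateUsername(input) {
  if (typeof input !== "string" || !USERNAME_RE.test(input)) {
    throw new Error("invalid username");
  }
  return input;
}

// Pre-fix pattern, for contrast only (never executed here): the value is pasted
// into one string that exec() hands to a shell, which parses ";", "|", "$(...)".
function buildShellCommand(username) {
  return `maigret ${username}`;
}

// Post-fix pattern: program and arguments stay separate, so no shell parses them.
function buildArgv(username) {
  return { file: "maigret", args: [validateUsername(username)] };
}

// Runs the lookup with execFile; rejects before spawning if validation fails.
async function searchUsername(username) {
  const { file, args } = buildArgv(username);
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile(file, args, { shell: false, timeout: 60000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout)
    );
  });
}

// Helper for checking constructed inputs against the allow-list.
function accepts(input) {
  try { validateUsername(input); return true; } catch { return false; }
}
```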
