Stata-MCP Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in Stata-MCP versions prior to 1.13.0. This issue arises from inadequate validation of user-supplied Stata do-file content, which can lead to unauthorized command execution. The vulnerability is present in the 'stata_do' tool, where user-provided do-files are executed directly using 'subprocess.Popen' with 'shell=True'. This allows Stata's shell-escape directives, such as '!cmd' and 'shell cmd', to be interpreted as real operating system commands on macOS and Linux, resulting in remote code execution on the host where the MCP server is running.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server hosting the MCP application, achieved by embedding Stata shell-escape directives in a malicious do-file.

Reproduction

To reproduce this vulnerability, create a Stata do-file containing a shell-escape directive, such as '!whoami'. Save the file to a location accessible by the MCP server, like '/tmp/malicious.do'. Then, use the 'stata_do' tool to execute the do-file. The MCP server will forward the do-file content to Stata, which will execute the embedded command on the host machine, demonstrating the command injection.

Remediation

Users are advised to update to Stata-MCP version 1.13.0 or later, where this vulnerability has been addressed. In the updated version, an initial guard has been added to block Stata shell-escape directives, preventing potential command injection.
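The advisory describes the guard only in general terms, so the following is an added Python example of what a defensive check of this kind looks like; it is not the Stata-MCP project's own code, and the 1.13.0 implementation may differ. It scans do-file content line by line for the two shell-escape forms the advisory names ('!cmd' and 'shell cmd'), refuses to run a file that contains one, and launches Stata with an argument list instead of a 'shell=True' command string, so the file path is never parsed by /bin/sh either. The 'stata -b do FILE' batch invocation, the 'stata-mp' binary name and the sample do-file are assumptions constructed for the example.

```python
import re
import subprocess
from typing import List

# Constructed sample do-file content (not from the advisory) mixing ordinary
# Stata commands with the two shell-escape forms the advisory names.
SAMPLE_DO = """\
sysuse auto, clear
summarize price mpg
display "!this is just a string argument, not a directive"
!whoami
   shell id
regress price mpg weight
"""

# A shell-escape directive begins a command line: "!" followed by the command,
# or the "shell" command. Leading whitespace is allowed; \b keeps "shell" from
# matching a longer identifier such as a hypothetical "shellvar".
SHELL_ESCAPE_RE = re.compile(r"^\s*(?:!|shell\b)")


def find_shell_escapes(do_content: str) -> List[int]:
    """Return the 1-based line numbers of lines that begin with a shell-escape directive."""
    return [
        lineno
        for lineno, line in enumerate(do_content.splitlines(), start=1)
        if SHELL_ESCAPE_RE.match(line)
    ]


def is_safe_do_file(do_content: str) -> bool:
    """True when no line of the do-file begins with a shell-escape directive."""
    return not find_shell_escapes(do_content)


def build_stata_command(stata_bin: str, do_path: str) -> List[str]:
    """Argument vector for running a do-file in batch mode without a shell.

    The 'stata -b do FILE' form and the binary name are assumptions; adjust them
    for the local installation. Because this is an argv list (shell=False), the
    path is handed to Stata as one argument and is never interpreted by /bin/sh.
    """
    return [stata_bin, "-b", "do", do_path]


def run_do_file(do_path: str, stata_bin: str = "stata-mp") -> subprocess.CompletedProcess:
    """Guarded replacement for a shell=True Popen call: refuse do-files with
    shell-escape lines, then execute Stata via an argument list."""
    with open(do_path, encoding="utf-8") as fh:
        content = fh.read()
    hits = find_shell_escapes(content)
    if hits:
        raise ValueError(f"shell-escape directive(s) on line(s) {hits}; refusing to run")
    return subprocess.run(build_stata_command(stata_bin, do_path), check=True)


if __name__ == "__main__":
    print("flagged lines:", find_shell_escapes(SAMPLE_DO))  # [4, 5]
```

The line-anchored denylist is the "initial guard" layer the advisory refers to: it blocks the directives that are written out plainly but, like any denylist, should be paired with running the Stata process under a dedicated low-privilege account and with logging of rejected submissions so that attempts are visible to the operator.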

Added: Apr 8, 2026, 5:50 PM
Updated: Apr 8, 2026, 5:50 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 5.5
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.