RyuzakiShinji Biome-MCP-Server Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in RyuzakiShinji Biome-MCP-Server versions through 1.0.0. The issue arises in the file 'biome-mcp-server.ts', where user input is improperly handled, allowing for arbitrary command execution on the server. This vulnerability can be exploited remotely and has been publicly disclosed, with an available proof-of-concept exploit.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server where the MCP service is running, potentially leading to unauthorized access, data manipulation, or changes to the server environment, depending on the privileges of the MCP server process.
Reproduction
To reproduce this vulnerability, first upload the exploit to a directory accessible by the MCP server. Then, start the MCP server and connect to it using the MCP Inspector. Once connected, select the 'biome-lint' tool and inject a command into the 'paths' parameter by concatenating a command injection payload onto it, such as 'whoami' with its output redirected to a file on the system. After running the tool, check that file to confirm the injected command was executed.
Remediation
Users are advised to update to the patched version of Biome-MCP-Server, which is available on the project's GitHub repository.
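As an added illustration, not code from the Biome-MCP-Server project (the real biome-mcp-server.ts is not reproduced here), the following TypeScript contrasts the unsafe pattern the advisory describes, splicing the tool's 'paths' argument into a shell command string, with a hardened form that validates each path and hands an argv array to execFile, which involves no shell. The 'biome' binary name, the projectRoot parameter and the metacharacter list are assumptions.

```typescript
import * as path from "path";
import { execFile } from "child_process";

// Vulnerable pattern (assumed, for contrast only; never executed here): the
// 'paths' values are joined into one shell string, so a value such as
// "src/; whoami" makes the shell run a second command.
function unsafeLintCommand(paths: string[]): string {
  return `biome lint ${paths.join(" ")}`; // do not pass this to exec()
}

// Characters that only have meaning to a shell; a lint target never needs them.
const SHELL_META = /[;&|`$<>()\n\r]/;

// Hardened form: each entry must be a plain path inside projectRoot, must not
// look like a CLI option, and is returned as a separate argv element.
function safeLintArgv(paths: string[], projectRoot: string): string[] {
  const root = path.resolve(projectRoot);
  const checked: string[] = [];
  for (const p of paths) {
    if (typeof p !== "string" || p.length === 0) {
      throw new Error("paths entries must be non-empty strings");
    }
    if (SHELL_META.test(p)) {
      throw new Error(`rejected path with shell metacharacters: ${JSON.stringify(p)}`);
    }
    if (p.startsWith("-")) {
      throw new Error(`rejected path that looks like an option: ${p}`);
    }
    const abs = path.resolve(root, p);
    if (abs !== root && !abs.startsWith(root + path.sep)) {
      throw new Error(`rejected path outside project root: ${p}`);
    }
    checked.push(abs);
  }
  return ["lint", ...checked];
}

// execFile receives the argv array directly, so no shell ever parses the paths.
function runBiomeLint(paths: string[], projectRoot: string): Promise<string> {
  const argv = safeLintArgv(paths, projectRoot);
  return new Promise((resolve, reject) => {
    execFile("biome", argv, { cwd: projectRoot }, (err, stdout, stderr) => {
      if (err) reject(new Error(stderr || err.message));
      else resolve(stdout);
    });
  });
}
```

The metacharacter check is defence in depth; the property that actually closes the injection is that execFile never hands the arguments to a shell.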
