python-utcp Command Injection Vulnerability in UTCP CLI Communication Protocol

A command injection vulnerability exists in python-utcp versions through 1.1.1. The issue arises in the _substitute_utcp_args method of cli_communication_protocol.py, where user-controlled tool_args values are inserted directly into shell command strings without proper sanitization or escaping. These commands are executed via /bin/bash -c on Unix or powershell.exe -Command on Windows, allowing attackers to inject and execute arbitrary shell commands.

Impact

Exploitation of this vulnerability leads to arbitrary command execution on the host system, with the executed commands running in the context of the user running the application.

Reproduction

To reproduce this vulnerability, define a tool that includes a placeholder for a filename argument. Then, provide a tool_args value that includes a command injection payload, such as a command to curl a URL with base64-encoded contents of the /etc/passwd file. When the tool is executed, the injected command will be executed on the host system, demonstrating the command injection vulnerability.

Remediation

Upgrade to python-utcp version 1.1.2 or later. In version 1.1.2, the vulnerability is fixed by properly shell-quoting substituted values, preventing command injection. Tools that relied on a single placeholder for multiple arguments must now use one placeholder per argument.