Kazuph MCP-Docs-RAG Command Injection Vulnerability
Vulnerability
A command injection vulnerability exists in Kazuph MCP-Docs-RAG versions through 0.5.0. The issue arises in the 'cloneRepository' function within 'src/index.ts', specifically in the 'add_git_repository' and 'add_text_file' components. User-controlled input can be manipulated to execute arbitrary OS commands, which run with the same privileges as the MCP server process. Exploitation must be performed locally, and a public proof-of-concept is available.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the server where the MCP service is running, potentially leading to unauthorized access, data manipulation, or changes to the server environment, depending on the executed commands and the server's configuration.
Reproduction
To reproduce this vulnerability, upload a text file named 'poc.txt' to the current working directory using the 'add_git_repository' tool. Injected commands will be executed with the same privileges as the MCP server process. After the command execution, the 'poc.txt' file will appear in the directory, confirming successful exploitation.
Remediation
It is recommended to avoid using 'exec' for command execution. Instead, use 'execFile', which allows for safer command execution by treating arguments as separate elements. Additionally, implement strict input validation for parameters exposed to MCP clients, particularly 'repository_url', 'subdirectory', and 'file_url', to prevent injection attacks.
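One way to apply both recommendations, as an added example that is not the project's own code: the client-supplied values are checked against allow-lists and then handed to 'execFile' as separate argv elements, so no shell ever parses them. The function names, the allow-list rules, the 'git clone' options and the sample values are assumptions.

```javascript
// Added example; function names, allow-list rules and sample values are assumptions.

// repository_url / file_url: https only, host plus plain path segments.
// Whitespace, quotes, ';', '$', backticks and a leading '-' all fail the match.
const URL_RE = /^https:\/\/[A-Za-z0-9.-]+(?::\d+)?(?:\/[A-Za-z0-9._~-]+)+$/;

function validateUrl(name, value) {
  if (typeof value !== "string" || value.length > 2048 || !URL_RE.test(value)) {
    throw new Error(`${name} rejected by allow-list`);
  }
  return value;
}

// subdirectory: relative path of plain segments; "..", ".", empty parts and
// parts starting with '-' are rejected.
function validateSubdirectory(value) {
  if (typeof value !== "string") throw new Error("subdirectory must be a string");
  for (const segment of value.split("/")) {
    if (!/^[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(segment)) {
      throw new Error("subdirectory rejected by allow-list");
    }
  }
  return value;
}

// Build the argv for git. Each value is exactly one array element, and "--"
// ends option parsing so a value is never interpreted as a git option.
function buildCloneArgs(repositoryUrl, targetDir) {
  const url = validateUrl("repository_url", repositoryUrl);
  return ["clone", "--depth", "1", "--", url, targetDir];
}

// execFile starts git directly with that argv; no shell parses the values.
async function cloneRepository(repositoryUrl, targetDir) {
  const { execFile } = await import("node:child_process");
  const { promisify } = await import("node:util");
  const args = buildCloneArgs(repositoryUrl, targetDir);
  return promisify(execFile)("git", args, { timeout: 60000 });
}

// Constructed sample call; targetDir is chosen by the server, not the client.
console.log(buildCloneArgs("https://example.com/org/repo.git", "/tmp/docs/repo"));
```

Validation and 'execFile' cover different failures: the allow-list keeps unexpected values out, and the argv array ensures that a value which does get through is still passed as data rather than as shell syntax.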
