Braffolk mcp-summarization-functions OS Command Injection Vulnerability

A command injection vulnerability has been identified in Braffolk mcp-summarization-functions versions through 0.1.5. The issue resides in the 'summarize_command' component, specifically within the 'src/server/mcp-server.ts' file. The vulnerability allows local attackers to manipulate the 'command' argument, leading to unauthorized execution of operating system commands via the 'execa' library. This exploitation could result in a complete compromise of the host, including unauthorized data access, integrity violations, and potential disruption of services.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the executed commands running under the privileges of the server process. This could lead to a full compromise of the host, including unauthorized access to sensitive data, disruption of services, and alteration of server states.

Reproduction

To reproduce this vulnerability, send a request to the MCP/HTTP endpoint that invokes the 'summarize_command' tool. Include a crafted 'command' argument that exploits the command injection flaw, such as one that echoes a message and executes a command like 'id' to demonstrate the injection.

Remediation

It is recommended to remove direct execution of shell commands from request-driven paths. Replace unvalidated command inputs with fixed allowlists and validated argument schemas. Prefer executing commands as argument arrays without shell interpretation. Additionally, implement authentication, authorization, logging, and rate limiting on sensitive MCP/HTTP handlers.