dvladimirov MCP Command Injection Vulnerability in Git Search API

Vulnerability

A command injection vulnerability has been identified in dvladimirov MCP versions through 0.1.0. The issue arises in the Git Search API, specifically within the GitSearchRequest function of the mcp_server.py file. The vulnerability allows for arbitrary command execution on the host by manipulating the repo_url or pattern arguments. This exploitation can be performed remotely, without any authentication requirements.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the host, with potential consequences for confidentiality, integrity, and availability.

Reproduction

To reproduce this vulnerability, send a POST request to the Git Search API endpoint '/v1/models/git-analyzer/search' with a Git repository URL and a crafted pattern that includes shell metacharacters. The injected command will be executed on the host, demonstrating the command injection vulnerability.

Remediation

It is recommended to remove the shell execution from the Git search functionality and replace it with a direct Python implementation that does not involve shelling out. If external commands must be used, they should be invoked without a shell to prevent command injection risks.
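The two remediation options above, as an added Python example that is not dvladimirov MCP's own code (the advisory names mcp_server.py and GitSearchRequest, but their implementation is not on this page): a weak shell-string construction kept inert beside a shell-free subprocess call and a pure-Python search. The sample pattern, the sample working tree, the ALLOWED_HOSTS set and all function names are constructed for the illustration.

```python
import os
import subprocess
import tempfile
from urllib.parse import urlparse

# Constructed sample input: a search pattern carrying a shell metacharacter.
# Under shell=True the ';' would end the git command and start a second one;
# in the hardened variants below it is just bytes inside one argument.
SAMPLE_PATTERN = "TODO; id"

# Hypothetical allowlist of repository hosts (not from the advisory).
ALLOWED_HOSTS = {"github.com", "gitlab.com"}


def vulnerable_search_command(repo_dir, pattern):
    """The weak construction: untrusted input spliced into a shell string.
    Returned as text and never executed here; it only shows what a
    shell=True call would hand to /bin/sh."""
    return f"cd {repo_dir} && git grep -n {pattern}"


def validate_repo_url(repo_url):
    """Reject anything that is not an https URL to an allowlisted host."""
    parsed = urlparse(repo_url)
    if parsed.scheme != "https" or parsed.netloc not in ALLOWED_HOSTS:
        raise ValueError(f"repo_url not allowed: {repo_url!r}")
    return parsed.geturl()


def git_grep_argv(pattern):
    """Hardened argv for an external git call: one list element per argument,
    so no shell ever parses the pattern. '-e' keeps a pattern that starts
    with '-' from being read as an option; '--' ends option parsing."""
    return ["git", "grep", "-n", "-e", pattern, "--"]


def run_git_grep(repo_dir, pattern, timeout=30):
    """Invoke git without a shell: a list argv with shell=False."""
    proc = subprocess.run(
        git_grep_argv(pattern), cwd=repo_dir, shell=False,
        capture_output=True, text=True, timeout=timeout,
    )
    # git grep exits 1 when nothing matches; any other non-zero code is an error
    if proc.returncode not in (0, 1):
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


def pure_python_search(repo_dir, pattern, max_results=1000):
    """Direct Python implementation: literal substring search over a checkout.
    Returns (relative path, 1-based line number, line) tuples, skips .git,
    and ignores files that are not valid UTF-8 text."""
    hits = []
    for root, dirs, files in os.walk(repo_dir):
        dirs[:] = sorted(d for d in dirs if d != ".git")
        for name in sorted(files):
            path = os.path.join(root, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if pattern in line:
                            rel = os.path.relpath(path, repo_dir)
                            hits.append((rel, lineno, line.rstrip("\n")))
                            if len(hits) >= max_results:
                                return hits
            except (UnicodeDecodeError, OSError):
                continue
    return hits


def make_sample_repo():
    """Constructed working tree for the demonstration (no network, no git)."""
    repo_dir = tempfile.mkdtemp()
    os.makedirs(os.path.join(repo_dir, ".git"))
    with open(os.path.join(repo_dir, ".git", "HEAD"), "w") as fh:
        fh.write("TODO; id\n")  # must not be reported: .git is skipped
    with open(os.path.join(repo_dir, "app.py"), "w") as fh:
        fh.write("import os\nx = 1  # TODO; id later\n")
    with open(os.path.join(repo_dir, "README"), "w") as fh:
        fh.write("nothing here\n")
    return repo_dir


if __name__ == "__main__":
    repo = make_sample_repo()
    print("shell string the weak code would run:",
          vulnerable_search_command(repo, SAMPLE_PATTERN))
    print("argv handed to git instead:", git_grep_argv(SAMPLE_PATTERN))
    print("pure-Python hits:", pure_python_search(repo, SAMPLE_PATTERN))
```

The pure-Python path treats the pattern as a literal string rather than compiling it as a regular expression, which also avoids handing an attacker-chosen regex to the matcher; if regex search is a product requirement, it needs a separate length and complexity limit. The git path is kept for the case where an external command is unavoidable: the pattern reaches git as a single argv element and no shell is involved, so the metacharacters in SAMPLE_PATTERN have no special meaning.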

Added: Apr 28, 2026, 1:18 AM
Updated: Apr 28, 2026, 1:18 AM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread            0.0
impact           10.0
exploitability    8.7
remediation       0.0
relevance         6.9
threat            6.4
urgency           2.9
incentive         4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.