PolarVista Xcode MCP Server OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in PolarVista's Xcode MCP Server version 1.0.0. This vulnerability exists in the MCP Interface component, specifically within the build_project and run_tests functions of the src/index.ts file. The issue arises because user-supplied arguments are improperly sanitized before being interpolated into shell command strings. The resulting commands are executed using child_process.exec, allowing an attacker to inject arbitrary operating system commands that execute with the privileges of the server process. This exploitation could lead to a complete compromise of the host, including unauthorized data access, modification of files and application state, and disruption of services.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution, with injected commands running under the server process's privileges. This could result in a full host compromise, including unauthorized access to sensitive files and environment data, modification of files and application state, and disruption of services by terminating processes or consuming resources.

Reproduction

To reproduce this vulnerability, start the affected Xcode MCP Server with the Model Context Protocol Inspector. Once the server is running, use the MCP Inspector to call the run_tests tool, providing a crafted scheme argument that includes shell metacharacters to inject a command, such as 'id', into the command execution process. After sending the request, the response should include the output of the injected command, demonstrating successful exploitation.

Remediation

PolarVista should be contacted to inform them about the vulnerability and request a patch. Once a patch is released, a security advisory should be published.

Added: Apr 29, 2026, 10:19 PM
Updated: Apr 29, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.