Eyal-Gor Branch Monkey MCP Command Injection Vulnerability in Preview Endpoint

Vulnerability

A command injection vulnerability has been identified in the Eyal-Gor Branch Monkey MCP project, specifically in the preview endpoint of the local bridge integration with Kompany. The issue arises in the file 'branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py', where the 'dev_script' argument is improperly handled, allowing arbitrary OS commands to be executed. This vulnerability can be exploited remotely, and the necessary conditions for exploitation are relatively straightforward.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where the application is running. This could lead to unauthorized access to sensitive information, modification of files, or disruption of services by interfering with running processes or consuming system resources.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/local-claude/time-machine/preview' endpoint with a valid Git repository path and a commit SHA that exists in that repository. Include a 'dev_script' parameter with a command that you wish to execute. The command will be executed on the server with the same privileges as the application.

Remediation

It is recommended to remove shell execution for the 'dev_script' parameter, or to replace it with a controlled list of allowed commands. If customization is necessary, validate the requested command strictly against that list before execution.
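The allowlist approach described above, as an added example that is not Branch Monkey MCP's own code: the request's 'dev_script' value is treated as a name looked up in a fixed table of argv vectors, and the process is started without a shell. The script names, commands and the repo_path/timeout parameters are assumptions for the example.

```python
import shlex
import subprocess
from typing import Dict, List

# Constructed allowlist: maps a script *name* accepted from the request to a
# fixed argv vector. The names and commands are assumptions for this example,
# not the project's own configuration.
ALLOWED_DEV_SCRIPTS: Dict[str, List[str]] = {
    "npm-dev": ["npm", "run", "dev"],
    "pnpm-dev": ["pnpm", "dev"],
    "make-preview": ["make", "preview"],
}


def is_permitted(dev_script: object) -> bool:
    """True only for an exact allowlist key; anything else is rejected."""
    return isinstance(dev_script, str) and dev_script in ALLOWED_DEV_SCRIPTS


def resolve_dev_script(dev_script: str) -> List[str]:
    """Map the untrusted 'dev_script' field to a vetted argv list.

    Because lookup is by exact key, shell metacharacters, extra arguments
    or unknown binaries can never reach the exec call.
    """
    if not is_permitted(dev_script):
        raise ValueError(f"dev_script not permitted: {dev_script!r}")
    # Return a copy so callers cannot mutate the allowlist entry.
    return list(ALLOWED_DEV_SCRIPTS[dev_script])


def describe_command(dev_script: str) -> str:
    """Render the exact argv that would run, for audit logging."""
    return shlex.join(resolve_dev_script(dev_script))


def run_dev_script(dev_script: str, repo_path: str, timeout: int = 60) -> subprocess.CompletedProcess:
    """Run the vetted script inside the checked-out preview directory.

    shell=False with an argv list means no shell ever parses a
    request-controlled string, which is the fix the remediation asks for.
    """
    argv = resolve_dev_script(dev_script)
    return subprocess.run(
        argv,
        cwd=repo_path,
        shell=False,          # never hand request data to /bin/sh
        capture_output=True,
        text=True,
        timeout=timeout,
    )
```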

Added: May 1, 2026, 7:20 PM
Updated: May 1, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.