crazyrabbitLTC mcp-code-review-server Command Injection Vulnerability

A command injection vulnerability has been identified in the crazyrabbitLTC mcp-code-review-server application, specifically in versions up to and including 0.1.0. The issue arises in the RepoMix Command Handler, within the executeRepomix function of the src/repomix.ts file. The vulnerability allows for arbitrary command execution by manipulating the specificFiles or repoPath parameters, which are directly concatenated into shell commands and executed using Node.js's child process exec() function. This exploitation can be initiated remotely.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where the MCP service is running. The executed commands will depend on the privileges of the MCP server process, potentially leading to unauthorized access or modification of the host environment.

Reproduction

To reproduce this vulnerability, upload a file named poc.txt to the current working directory of the MCP server. Then, use the MCP Inspector to connect to the running server and select the analyze_repo tool. In the specificFiles parameter, input 'package.json&whoami > poc.txt' and run the tool. The injected command will execute, demonstrating the command injection vulnerability. This same procedure applies to the code_review tool, where the repoPath parameter can also be exploited.

Remediation

The vulnerability has been addressed in a pull request that replaces the exec() function with execFile(), which is a safer alternative that prevents command injection by treating the command and its arguments separately.