### Vulnerability Summary: Vale-MCP Command Injection Vulnerability (CVE-78)

**1. Vulnerability Overview**

* **Vulnerability Name**: Command Injection Vulnerability in Vale-MCP
* **Vulnerability Type**: OS Command Injection (CWE-78)
* **Description**: A command injection vulnerability was discovered in the `vale-runners` component of `vale-mcp`. An attacker with network access can provide maliciously crafted inputs to the MCP/HTTP interface via `config_path` or other tool parameters. These inputs are deserialized and executed as OS commands (via `exec` or `execSync`). This allows arbitrary system commands to be executed with server privileges, leading to full host compromise, data leakage, loss of integrity, and service disruption.
* **Affected Components**: `src/index.ts`, `src/vale-runner.ts`

**2. Scope of Impact**

* **Affected Versions**: 0.1.0
* **Confirmed Affected Scope**: Revisions containing the same request-to-sink flows.
* **Fixed Version**: Not available at the time of reporting.

**3. Technical Root Cause**

The code directly uses the `command` parameter from the request without filtering:

```javascript
// 1. js/command-injection-from-request
// Source: src/index.ts:278 (request)
// Sink: src/vale-runner.ts:369
const result = await execSync(command, execOptions);

// 2. js/command-injection-from-request
// Source: src/index.ts:278 (request)
// Sink: src/vale-runner.ts:369
const child = exec(command, execOptions, (error, stdout, stderr) => {
```

**4. Recommended Fix**

* **Eliminate Data Flow**: Eliminate the request-to-sink data flow documented above.
* **Input Validation**: Implement input schema validation at the MCP/HTTP boundary.
* **Regression Testing**: Add regression tests to prove that attacker-controlled values cannot reach sensitive sinks.
* **Public Announcement**: Publish a maintainer security advisory once the patch is released.
* **Alternatives**:
  * Remove shell string execution driven by requests.
  * Replace free-form commands with fixed allow-lists and validated parameter patterns.
  * Prefer process execution using argument arrays without shell interpretation.
  * Implement authentication, authorization, logging, and rate limiting.

**5. Proof of Concept (POC)**

Below are the reproduction request examples provided on the page:

```json
{"jsonrpc":"2.0","id":"1","method":"tools/call","params":{"name":"check_file","arguments":{"text":"LINUX","}}
```

```json
{"jsonrpc":"2.0","id":"1","method":"tools/call","params":{"name":"check_text","arguments":{"text":"abc","text
```

*(Note: The screenshot at the bottom of the page demonstrates the successful creation of the file `poc.txt` after executing the above commands.)*
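
One way to apply the Recommended Fix in section 4 (validated parameter patterns plus argument-array execution), as an added example that is not vale-mcp's own code. `config_path` is the parameter named on this page; `file_path`, `SAFE_PATH`, `validatePath`, `buildValeArgs` and `runVale` are hypothetical names, and the code assumes the `vale` binary is on `PATH`.

```javascript
// Added example, not the project's code. All helper names are hypothetical.

// Allow-list pattern: plain path characters only. Shell metacharacters
// (; | & $ ` ( ) < > quotes), whitespace and newlines never match.
const SAFE_PATH = /^[A-Za-z0-9_./-]+$/;

function validatePath(name, value) {
  if (typeof value !== "string" || value.length === 0 || value.length > 4096) {
    throw new TypeError(`${name} must be a non-empty string of sane length`);
  }
  if (!SAFE_PATH.test(value)) {
    throw new RangeError(`${name} contains characters outside the allow-list`);
  }
  // A leading "-" would be parsed by the CLI as an option (argument injection);
  // ".." segments would let the path climb out of the working tree.
  if (value.startsWith("-") || value.split("/").includes("..")) {
    throw new RangeError(`${name} must not start with "-" or contain ".."`);
  }
  return value;
}

// Build a fixed argv: request data only ever fills value slots and is never
// concatenated into a command string.
function buildValeArgs(args) {
  const argv = ["--output=JSON"];
  if (args.config_path !== undefined) {
    argv.push(`--config=${validatePath("config_path", args.config_path)}`);
  }
  argv.push(validatePath("file_path", args.file_path)); // assumed parameter name
  return argv;
}

// execFile starts the binary directly, so no shell ever parses the arguments.
// child_process is loaded lazily so the validation above stays a pure function
// that regression tests can call without spawning anything.
async function runVale(args) {
  const { execFile } = await import("node:child_process");
  const argv = buildValeArgs(args);
  return new Promise((resolve, reject) => {
    execFile("vale", argv, { timeout: 30000 }, (error, stdout) => {
      // Assumption: a non-zero exit with output on stdout is a lint result.
      if (error && !stdout) return reject(error);
      resolve(stdout);
    });
  });
}
```

Calling `buildValeArgs` with hostile values in a unit test serves as the regression test the fix list asks for: the call must throw before any process is started.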