### Vulnerability Overview **Vulnerability Name**: Command Injection Vulnerability in website-downloader **CVE ID**: CWE-78 (Improper Neutralization of Special Elements used in an OS Command) **Description**: In `website-downloader` version 0.1.0, the `download_website` MCP tool contains a command injection vulnerability. This tool constructs a `wget` command by concatenating user-supplied `url` and `outputPath` parameters, and executes it using `child_process.exec` without proper escaping or argument separation. Attackers can execute arbitrary operating system commands by injecting shell metacharacters (such as `;` or `|`), leading to complete server compromise. ### Impact Scope * **Affected Product**: `website-downloader` * **Affected Version**: 0.1.0 (commit: 5d3990e8a41880a6c8758520c36aa3711769266) * **CVSS v3.1 Score**: 9.9 (Critical) * **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ### Remediation 1. **Replace Execution Method**: Use `child_process.execFile` or `spawn` instead of `child_process.exec`, pass arguments as an array, and set `shell: false`. 2. **Argument Separation**: Pass `wget` options as independent arguments rather than constructing a single shell command string. 3. **Input Validation**: Perform strict scheme and hostname validation on the `url`. 4. **Path Restriction**: Normalize and restrict `outputPath` to a designated download directory. 5. **Temporary Mitigation**: Do not expose the MCP server to untrusted clients; reject shell metacharacters in `url` and `outputPath`. ### POC Code ```json {"jsonrpc":"2.0","id":"1","method":"tools/call","params":{"name":"download_website","arguments":{"url":"http://example.com; id > /tmp/pwned","outputPath":"/tmp/output"}}} ```