| Field | Value |
|---|---|
| Title | wonderwhy-er DesktopCommanderMCP 0.2.13 OS Command Injection |
| Description | Command Blocklist Bypass via Absolute Path. The command blocklist can be bypassed by specifying the absolute path to a blocked command. The extractBaseCommand function uses the entire string as the command name if it contains no spaces, failing to normalise paths to their base command name. For example, the check fails to match the blocked command sudo against the user input /usr/bin/sudo. This vulnerability allows a malicious actor to bypass the command blocklist simply by providing a full path to the command. This leads to arbitrary command execution, nullifying the security control. The severity varies depending on the privileges of the user running the server. |
| Source | https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218 |
| User | crem (UID 91252) |
| Submitted | 2025-10-03 07:16 AM (6 months ago) |
| Moderation | 2025-10-08 12:53 PM (5 days later) |
| Status | Accepted |
| VulDB Entry | 327609 [wonderwhy-er DesktopCommanderMCP up to 0.2.13 Absolute Path src/command-manager.ts extractBaseCommand privilege escalation] |
| Points | 20 |
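The weakness described above, as an added example that is not the project's code: a naive base-command extractor modelled on the behaviour the report describes (whole string used as the command name when it contains no spaces) next to a hardened version that reduces the first token to its basename before the blocklist lookup. The blocklist contents and function names are constructed for illustration.

```typescript
// Constructed blocklist for illustration; not DesktopCommanderMCP's real list.
const BLOCKED_COMMANDS: ReadonlySet<string> = new Set(["sudo", "su", "rm"]);

// Hypothetical reconstruction of the flawed logic: the first whitespace-
// separated token is taken as the command name, so "/usr/bin/sudo" is
// compared verbatim and never equals the blocked entry "sudo".
function extractBaseCommandNaive(command: string): string {
  const trimmed = command.trim();
  const idx = trimmed.search(/\s/);
  return idx === -1 ? trimmed : trimmed.slice(0, idx);
}

// Hardened variant: take the first token, then strip any directory prefix
// (absolute or relative, POSIX separators assumed) so that "/usr/bin/sudo",
// "./sudo" and "sudo" all normalise to the same base name "sudo".
function extractBaseCommandHardened(command: string): string {
  const first = extractBaseCommandNaive(command);
  const segments = first.split("/").filter((s) => s.length > 0);
  return segments.length > 0 ? segments[segments.length - 1] : "";
}

// Blocklist check parameterised on the extractor so both behaviours can be
// compared side by side.
function isBlocked(command: string, extract: (c: string) => string): boolean {
  return BLOCKED_COMMANDS.has(extract(command));
}
```
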