The CVE-2024-5240 vulnerability is a command injection flaw in the FastMCP framework on Windows. The issue originates in the `generate_cursor_deeplink` function, which unsafely incorporates user-controlled input from the `server_name` parameter into a `cursor://` deeplink URL string. This string is subsequently passed to the `open_deeplink` function. On Windows systems, that function invokes `subprocess` with `shell=True`, executing the command `cmd.exe /c start <generated_url>`. Because `server_name` is embedded without sanitization, an attacker can include command metacharacters such as the ampersand (`&`) to break out of the intended `start` command. This allows arbitrary operating system commands to run with the privileges of the application hosting the FastMCP server, effectively turning a controlled field into a remote code execution vector.
Platform: FastMCP
Version: Pre-1.1.2
Vulnerability: Command Injection
Severity: Critical
Date: 2024-12-19
Prediction: 2024-12-26
What Undercode Says:

Command:
    fastmcp install cursor server.py

server.py:
    from fastmcp import FastMCP

    # Server name carrying the "&" metacharacter described above; it ends up
    # verbatim in the cursor:// deeplink that is handed to cmd.exe /c start.
    mcp = FastMCP(name="test&calc")
How it is exploited:
Craft a malicious server name containing OS command metacharacters to inject and execute arbitrary commands when the deeplink is opened on a Windows host.
Protection from this CVE:
Upgrade FastMCP to version 1.1.2 or later, which patches the command injection vulnerability. For immediate mitigation, avoid using `fastmcp install cursor` with untrusted MCP servers or on Windows systems until patched.
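The vulnerable interpolation beside a hardened construction, as an added example that is not FastMCP's own code: the `cursor://mcp/install?name=` URL shape, the allowlist pattern and the helper names are assumptions; what the page establishes is that `server_name` reached `cmd.exe /c start` through `shell=True`.

```python
"""Hardened MCP server-name handling for a cursor:// deeplink (added example)."""
import os
import re
import subprocess
import sys
from urllib.parse import quote

# Assumed allowlist: letters, digits, dot, underscore, hyphen, max 64 chars.
# None of cmd.exe's metacharacters (& | < > ^ % ") can pass this pattern.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def generate_cursor_deeplink_unsafe(server_name: str) -> str:
    """Mirrors the pre-1.1.2 pattern: the name is interpolated verbatim.

    When this string is later run as `cmd.exe /c start <url>` with shell=True,
    an '&' in the name terminates the start command (constructed URL shape).
    """
    return f"cursor://mcp/install?name={server_name}"


def validate_server_name(server_name: str) -> str:
    """Reject anything outside the allowlist instead of trying to escape it."""
    if not _SAFE_NAME.fullmatch(server_name):
        raise ValueError(f"unsafe MCP server name: {server_name!r}")
    return server_name


def generate_cursor_deeplink(server_name: str) -> str:
    """Build the deeplink only from a validated name (hypothetical helper)."""
    name = validate_server_name(server_name)
    # Percent-encoding is defence in depth; the allowlist is what blocks injection.
    return f"cursor://mcp/install?name={quote(name, safe='')}"


def open_deeplink(url: str) -> None:
    """Hand the URL to the OS without a shell in the middle."""
    if not url.startswith("cursor://"):
        raise ValueError("refusing to open a non-cursor URL")
    if sys.platform == "win32":
        os.startfile(url)  # ShellExecute: no cmd.exe, so no metacharacter parsing
    else:
        subprocess.run(["xdg-open", url], check=True)  # argv list, shell=False
```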
Impact:
Full remote command execution on the host system, compromising developer workstations, CI/CD pipelines, and build servers.
Sources:
Reported By: github.com