Arbitrary Code Execution via Scanner Bypass in `aws-diagram-mcp-server` `exec()` NamespaceThis vulnerability involves arbitrary code execution due to a scanner bypass in the `aws-diagram-mcp-server` `exec()` namespace.

bugbountyshorts@infosec.exchange

Arbitrary Code Execution via Scanner Bypass in `aws-diagram-mcp-server` `exec()` Namespace
This vulnerability involves arbitrary code execution due to a scanner bypass in the `aws-diagram-mcp-server` `exec()` namespace. The application fails to properly filter user-controlled input when constructing command-line arguments, allowing malicious input to execute arbitrary code. The researcher discovered this by injecting special characters (e.g., semi-colon to execute multiple commands separated by semicolons. The vulnerability was caused by the lack of input sanitization in the `exec()` function, which resulted in the execution of user-supplied shell commands. This flaw allows an attacker to execute any command on the system with the same privileges as the application, potentially leading to full system compromise. The researcher received $2,000 for this vulnerability. To prevent similar issues, it is crucial to properly sanitize user inputs and limit the scope of command execution. Key lesson: Always sanitize user inputs to prevent arbitrary code execution. #BugBounty #Cybersecurity #WebSecurity #ArbitraryCodeExecution #InputSanitization

AWS VDP disclosed on HackerOne: Arbitrary Code Execution via...

This is an informative report is related to a feature that was included in response to previous unrelated feedback in an open source repository. We thank @locus-x64 for this report, and the commitment to the security of AWS customers.

HackerOne (hackerone.com)