Security Release v1.0.4 - Multiple Security Fixes

Stephan Ferraro · claude · Stephan Ferraro · commit cd2566a948b6 · 2025-08-17T11:12:55.000+02:00
🔒 SECURITY FIXES: - Fixed command injection vulnerability in SSH operations - Upgraded tmp dependency to 0.2.5 (CVE fix for GHSA-52f5-9888-hmc6) - Added dependency overrides to enforce secure versions 🛡️ Enhanced input validation and sanitization for SSH commands 📦 Updated package-lock.json with secure dependencies 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.4] - 2025-08-17
+
+### Security
+- **SECURITY FIX**: Fixed command injection vulnerability in SSH operations (commit 5b9b9c5)
+- **SECURITY FIX**: Upgraded `tmp` dependency to version 0.2.5 to address CVE vulnerability
+- Fixed arbitrary temporary file/directory write via symbolic link in `tmp` package (GHSA-52f5-9888-hmc6)
+- Added dependency overrides to ensure all transitive dependencies use secure `tmp` version
+- Enhanced input validation and sanitization for SSH commands and file paths
+
+### Technical
+- Added `tmp: ">=0.2.4"` to devDependencies to force secure version
+- Added npm overrides configuration to enforce secure tmp version across entire dependency tree
+- Updated package-lock.json to reflect security fixes
+
 ## [1.0.3] - 2025-06-06
 
 ### Added
diff --git a/gist_comment.json b/gist_comment.json
@@ -0,0 +1,3 @@
+{
+  "body": "**Security Fix Applied**\n\nThank you for reporting this command injection vulnerability. You're absolutely correct about the security issue in the SSH client implementation.\n\n**Issue Confirmed:**\nThe vulnerability existed in `server-simple.mjs` where `exec()` was used with string interpolation:\n- `runRemoteCommand()` - Line 171: `ssh \"${hostAlias}\" \"${command}\"`\n- `uploadFile()` - Line 220: `scp \"${localPath}\" \"${hostAlias}:${remotePath}\"`  \n- `downloadFile()` - Line 233: `scp \"${hostAlias}:${remotePath}\" \"${localPath}\"`\n\n**Fix Applied:**\nReplaced all unsafe `exec()` calls with `execFile()` using proper argument arrays:\n- `execFile('ssh', [hostAlias, command], options)`\n- `execFile('scp', [localPath, `${hostAlias}:${remotePath}`], options)`\n- `execFile('scp', [`${hostAlias}:${remotePath}`, localPath], options)`\n\nThis prevents command injection by treating arguments as literal values rather than shell commands.\n\n**Commit:** [5b9b9c5](https://github.com/aiondadotcom/mcp-ssh/commit/5b9b9c5) - Fix command injection vulnerability in SSH operations\n\nThe fix maintains full functionality while eliminating the security risk. Thank you for the responsible disclosure!"
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@aiondadotcom/mcp-ssh",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations",
   "main": "server-simple.mjs",
   "bin": {
@@ -48,7 +48,11 @@
     "@anthropic-ai/dxt": "^0.2.5",
     "@types/node": "^20.11.26",
     "@types/ssh2": "^1.15.0",
+    "tmp": ">=0.2.4",
     "ts-node": "^10.9.2",
     "typescript": "^5.4.3"
+  },
+  "overrides": {
+    "tmp": ">=0.2.4"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	+ "body": "Security Fix Applied\n\nThank you for reporting this command injection vulnerability. You're absolutely correct about the security issue in the SSH client implementation.\n\nIssue Confirmed:\nThe vulnerability existed in `server-simple.mjs` where `exec()` was used with string interpolation:\n- `runRemoteCommand()` - Line 171: `ssh \"${hostAlias}\" \"${command}\"`\n- `uploadFile()` - Line 220: `scp \"${localPath}\" \"${hostAlias}:${remotePath}\"` \n- `downloadFile()` - Line 233: `scp \"${hostAlias}:${remotePath}\" \"${localPath}\"`\n\nFix Applied:\nReplaced all unsafe `exec()` calls with `execFile()` using proper argument arrays:\n- `execFile('ssh', [hostAlias, command], options)`\n- `execFile('scp', [localPath, `${hostAlias}:${remotePath}`], options)`\n- `execFile('scp', [`${hostAlias}:${remotePath}`, localPath], options)`\n\nThis prevents command injection by treating arguments as literal values rather than shell commands.\n\nCommit: [5b9b9c5](https://github.com/aiondadotcom/mcp-ssh/commit/5b9b9c5) - Fix command injection vulnerability in SSH operations\n\nThe fix maintains full functionality while eliminating the security risk. Thank you for the responsible disclosure!"
	`3`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@aiondadotcom/mcp-ssh",`
`3`		`- "version": "1.0.3",`
	`3`	`+ "version": "1.0.4",`
`4`	`4`	`"description": "MCP Agent for managing SSH hosts - A Model Context Protocol server for SSH operations",`
`5`	`5`	`"main": "server-simple.mjs",`
`6`	`6`	`"bin": {`
`@@ -48,7 +48,11 @@`
`48`	`48`	`"@anthropic-ai/dxt": "^0.2.5",`
`49`	`49`	`"@types/node": "^20.11.26",`
`50`	`50`	`"@types/ssh2": "^1.15.0",`
	`51`	`+ "tmp": ">=0.2.4",`
`51`	`52`	`"ts-node": "^10.9.2",`
`52`	`53`	`"typescript": "^5.4.3"`
	`54`	`+ },`
	`55`	`+ "overrides": {`
	`56`	`+ "tmp": ">=0.2.4"`
`53`	`57`	`}`
`54`	`58`	`}`