Crem

Results 4 issues of Crem

**Describe the bug** The default recommended installation method via pipx results in an error because of dependency conflicts. **To Reproduce** Steps to reproduce the behavior i.e.: Command: `pipx install git+https://github.com/Pennyw0rth/NetExec`...

dependencies

## Outline The command validation logic in the [`CommandManager` class](https://github.com/wonderwhy-er/DesktopCommanderMCP/blob/a5ee59558465299af8aa74a87cdec2beeff75d7c/src/command-manager.ts#L4) is vulnerable to a bypass when an attacker uses shell command substitution syntax, such as `$(...)` or backticks (``...

enhancement
security

## Outline The command blocklist can be bypassed by specifying the absolute path to a blocked command. The [`extractBaseCommand` function](https://github.com/wonderwhy-er/DesktopCommanderMCP/blob/a5ee59558465299af8aa74a87cdec2beeff75d7c/src/command-manager.ts#L128) uses the entire string as the command name if it...

enhancement
security

## Outline The [`isPathAllowed` function](https://github.com/wonderwhy-er/DesktopCommanderMCP/blob/a5ee59558465299af8aa74a87cdec2beeff75d7c/src/tools/filesystem.ts#L174) for validating file operations is vulnerable to a security bypass using symbolic links (symlinks). The function does a good job of validating traditional directory traversal...

enhancement
security