
Cloud Vulnerability DB
A community-led vulnerabilities database
A command injection vulnerability (GHSA-45qj-4xq3-3c45) was discovered in mcp-markdownify-server's pptx-to-markdown tool, affecting versions <=0.0.1. The vulnerability, disclosed on September 2, 2025, stems from unsanitized input parameters within child_process.exec calls, allowing attackers to inject arbitrary system commands. The vulnerability has been assigned a high severity rating with a CVSS score of 7.5 (GitHub Advisory).
The vulnerability exists in the MCP server's pptx-to-markdown tool, where user input is passed directly to child_process.exec without sanitization. The vulnerable code builds a shell command string from unvalidated user input and executes it, specifically in the markitdown method, where the filePath parameter is interpolated directly into the command line. The vulnerability has been assigned CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a network attack vector, high attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (GitHub Advisory).
Successful exploitation of this vulnerability can lead to Remote Code Execution (RCE) under the server process's privileges. The vulnerability allows attackers to execute arbitrary system commands through shell metacharacter injection (|, >, &&, etc.), potentially compromising the entire system (GitHub Advisory).
The vulnerability has been patched in version 0.0.2. The recommended mitigation is to avoid using child_process.exec with untrusted input and instead use child_process.execFile, which takes the arguments as a separate array so that no shell ever interprets them. For handling tilde paths, the advisory recommends the untildify package to convert tilde paths to absolute paths before passing them to child_process.execFile (GitHub Advisory).
Source: This report was generated using AI