fastestmcp

The server-side git interaction tools (`clone_git_repository`, `download_git_repository` in `src/server/stdio/app/tools.py` and `src/server/stdio/app/resources.py`) use `subprocess.run` with dynamically constructed commands taking user-provided `repository_url`, `target_directory`, and `branch`. While `repo_name` is validated against an allowlist in some contexts, the `repository_url` and `branch` are not strictly sanitized, creating a significant command injection and path traversal vulnerability. The `WebScraper` component (`fastestmcp/__init__.py`) uses `requests.get` with user-provided URLs, which could lead to Server-Side Request Forgery (SSRF) or excessive resource consumption. The `eval()` function is used in `src/fastestmcp/demo.py` (`advanced_calculation`) for a demo, which is an explicit code execution vulnerability. Overall, inputs to many tools/resources are not sufficiently sanitized before use in shell commands or network requests, making the server unsafe to run with untrusted input without significant modifications or a robust sandboxing environment.