| عنوان | dubydu sqlite-mcp 0.1.0 Pathname Traversal |
|---|
| الوصف | The extract_to_json MCP tool writes query results to the caller-controlled output_filename with no root restriction. The code appends a .json suffix if needed, but it does not canonicalize the destination or confine it to the database directory. This allows an attacker to write database contents to an arbitrary JSON path writable by the service account.
|
|---|
| المصدر | ⚠️ https://github.com/dubydu/sqlite-mcp/issues/1 |
|---|
| المستخدم | SmallW (UID 97245) |
|---|
| ارسال | 10/04/2026 02:46 PM (2 أشهر منذ) |
|---|
| الاعتدال | 27/04/2026 04:05 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359806 [dubydu sqlite-mcp حتى 0.1.0 src/entry.py extract_to_json output_filename حقن SQL] |
|---|
| النقاط | 19 |
|---|