| Titel | donchelo processing-claude-mcp-bridge e017b20a4b592a45531a6392f494007f04e661bd Path Traversal |
|---|
| Beschreibung | processing-claude-mcp-bridge exposes tools for creating, updating, and running Processing sketches. The documentation says sketch_name should be the sketch name only, but the implementation directly concatenates that value into Windows filesystem paths using os.path.join(...) and never checks that the final path stays under PROCESSING_SKETCH_DIR.
An attacker can therefore supply traversal sequences such as ..\\..\\Desktop\\evil and cause the server to create directories and write .pde files outside the intended Processing sketch root. On the hardcoded Windows deployment path used by the project, this escapes from C:\Users\chelo\OneDrive\Documentos\Processing into sibling directories such as the user's Desktop. |
|---|
| Quelle | ⚠️ https://github.com/donchelo/processing-claude-mcp-bridge/issues/1 |
|---|
| Benutzer | CPT_Penner (UID 97246) |
|---|
| Einreichung | 10.04.2026 15:42 (vor 2 Monaten) |
|---|
| Moderieren | 27.04.2026 17:21 (17 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 359816 [donchelo processing-claude-mcp-bridge bis e017b20a4b592a45531a6392f494007f04e661bd create_sketch Tool processing_server.py sketch_name Directory Traversal] |
|---|
| Punkte | 20 |
|---|