| Title | florensiawidjaja BioinfoMCP 7ada7918b9e515604d3c0ae264d3a9af10bf6e54 Path Traversal |
|---|---|
| Description | The web-facing BioinfoMCP platform exposes `POST /upload` for converting uploaded manuals into generated MCP server artifacts. The route reads the uploaded file object from `request.files`, takes its client-supplied filename verbatim, and writes it using `f.save(os.path.join("uploads", f.filename))`. Because the multipart filename field is attacker-controlled, an absolute path such as `/tmp/bioinfomcp_poc.pdf` overrides the intended `uploads/` directory entirely, and traversal sequences can also escape it. The route then passes that attacker-chosen saved path into `scripts/do_sth.py`, so the unsafe path is not only written but also treated as the input artifact for the rest of the conversion workflow. |
| Source | https://github.com/florensiawidjaja/BioinfoMCP/issues/2 |
| User | LittleW (UID 97283) |
| Submitted | 13.04.2026 11:15 (2 months ago) |
| Moderated | 29.04.2026 13:18 (16 days later) |
| Status | Accepted |
| VulDB Entry | 360122 [florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54 Upload Endpoint app.py upload Name Directory Traversal] |
| Points | 20 |
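The join described in the report, reduced to a runnable illustration. This is an added example, not code from the BioinfoMCP project: the `uploads` directory name comes from the report, the function names are this example's own, and the filename sanitiser is a simplified stand-in for `werkzeug.utils.secure_filename`. It shows why `os.path.join` offers no protection when a later component is absolute or contains `..`, gives a check that tells whether a given client filename would land outside the upload root, and places a hardened join beside the vulnerable one.

```python
import os
import posixpath
import re

# Upload root as named in the report; every helper below is this example's
# own, not BioinfoMCP's.
UPLOAD_DIR = "uploads"


def unsafe_save_path(filename: str) -> str:
    """Reproduce the reported pattern: the client-supplied multipart filename
    is joined verbatim. os.path.join discards every earlier component when a
    later one is absolute, so '/tmp/x.pdf' comes back unchanged, and '..'
    segments survive untouched."""
    return os.path.join(UPLOAD_DIR, filename)


def escapes_upload_dir(filename: str, upload_dir: str = UPLOAD_DIR) -> bool:
    """Check: would the path the vulnerable code writes to resolve outside
    upload_dir? realpath normalises '..' and absolute overrides alike."""
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(unsafe_save_path(filename))
    return os.path.commonpath([root, target]) != root


def safe_save_path(filename: str, upload_dir: str = UPLOAD_DIR) -> str:
    """Hardened variant: keep only the last path segment (either separator),
    reduce it to a conservative character set, reject names that collapse to
    nothing (including '.' and '..'), and confirm the resolved target is still
    inside upload_dir. The sanitiser is a simplified stand-in for
    werkzeug.utils.secure_filename."""
    name = posixpath.basename(filename.replace("\\", "/"))
    name = re.sub(r"[^A-Za-z0-9_.-]", "_", name).strip("._")
    if not name:
        raise ValueError("empty or unsafe filename: %r" % filename)
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, name))
    # Containment check as a second line of defence behind the sanitiser.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes upload directory: %r" % filename)
    return target


if __name__ == "__main__":
    # Constructed sample filenames, as a multipart client could send them.
    for fname in ["manual.pdf", "/tmp/bioinfomcp_poc.pdf", "../../tmp/x.pdf", ".."]:
        print("%-26s vulnerable join -> %-28s escapes=%s"
              % (fname, unsafe_save_path(fname), escapes_upload_dir(fname)))
        try:
            print("%-26s hardened        -> %s" % ("", safe_save_path(fname)))
        except ValueError as exc:
            print("%-26s hardened        -> rejected (%s)" % ("", exc))
```

Two points follow from the report for anyone patching this route: the value handed on to `scripts/do_sth.py` must be the hardened path, not `f.filename`, otherwise the downstream stage still consumes an attacker-chosen location; and the basename step alone is not sufficient where the upload root is a symlink or the name is later re-joined, which is why the `realpath`/`commonpath` containment check is kept even after sanitising.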