| शीर्षक | eiceblue spire-pdf-mcp-server 0.1.1 Path Traversal |
|---|
| विवरण | spire-pdf-mcp-server advertises PDF_FILES_PATH as the directory for managed PDF files. The server nonetheless resolves user-supplied paths with a helper that explicitly returns absolute paths unchanged and blindly joins relative paths to PDF_FILES_PATH without normalization or containment checks.
As a result, callers can escape the configured PDF directory with payloads such as ../../../../tmp/poc.pdf or /tmp/poc.pdf. Multiple exposed tools then operate on that escaped path, allowing arbitrary PDF creation, arbitrary PDF conversion to attacker-chosen output locations, and arbitrary reads of existing host PDFs that the service account can access. |
|---|
| स्रोत | ⚠️ https://github.com/eiceblue/spire-pdf-mcp-server/issues/1 |
|---|
| उपयोगकर्ता | LittleW (UID 97283) |
|---|
| सबमिशन | 12/04/2026 12:05 PM (2 महीनों पहले) |
|---|
| संयम | 28/04/2026 03:00 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359963 [eiceblue spire-pdf-mcp-server 0.1.1 PDF File server.py get_pdf_path filepath निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|