| शीर्षक | fatbobman mail-mcp-bridge d9e7d9acc2abcf9da8252d76506fc5afbc08d08e Path Traversal |
|---|
| विवरण | The `cleanup_attachments` MCP tool accepts a list of RFC `message_ids` and is intended to remove temporary extraction directories beneath the attachment cache root. However, the implementation only strips angle brackets from each `message_id` before joining it under the base directory. Traversal sequences such as `../mail-mcp-bridge-poc` survive unchanged, so the server resolves a path outside `mail-mcp-attachments` and recursively deletes it with `shutil.rmtree()`. This provides a real arbitrary-directory deletion primitive relative to the temp root used by the service. The related extraction flow in `extract_attachments.py` repeats the same unsafe `message_id`-to-directory join when creating directories. |
|---|
| स्रोत | ⚠️ https://github.com/fatbobman/mail-mcp-bridge/issues/2 |
|---|
| उपयोगकर्ता | LittleW (UID 97283) |
|---|
| सबमिशन | 12/04/2026 01:06 PM (2 महीनों पहले) |
|---|
| संयम | 29/04/2026 10:47 AM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360107 [fatbobman mail-mcp-bridge तक 1.3.3 src/mail_mcp_server.py message_ids निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|