| शीर्षक | continuedev continue v1.2.22-vscode Path Traversal (CWE-22) |
|---|
| विवरण | # Technical Details
A Path Traversal vulnerability exists in the `lsToolImpl` method in `core/tools/implementations/lsTool.ts` of Continue.
The application fails to apply standard workspace boundary checks and explicitly overrides default security blocklists, allowing unauthenticated enumeration of the host system.
# Vulnerable Code
File: core/tools/implementations/lsTool.ts
Method: lsToolImpl
Why: The `lsTool` function omits calling the explicit `throwIfFileIsSecurityConcern(resolvedPath.displayPath)` security barrier used by other file manipulation functions. Furthermore, it explicitly overrides protective environment blocklists by utilizing the configuration `overrideDefaultIgnores: ignore()`.
# Reproduction
1. Establish an external JSON-RPC connection to the Continue Core TCP server port (e.g., 3000).
2. Send a `tools/call` message JSON payload targeting the `ls` system function.
3. Inject the `dirPath` variable argument with an absolute, restricted directory path, such as `/etc`.
4. Observe the comprehensive file/directory listing of the restricted path returned in the JSON response payload.
# Impact
- Unauthorized local file enumeration exposing directory structures.
- Leakage of sensitive software configurations or user configurations (e.g., `~/.ssh/`, `.env`) that can be chained to increase exploit impact. |
|---|
| स्रोत | ⚠️ https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831 |
|---|
| उपयोगकर्ता | Eric-g (UID 96879) |
|---|
| सबमिशन | 23/04/2026 03:14 PM (1 महीना पहले) |
|---|
| संयम | 17/05/2026 11:30 AM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 364395 [continuedev continue तक 1.2.22 JSON-RPC Server lsTool.ts lsTool dirPath निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|