| शीर्षक | lharries whatsapp-mcp v0.0.1 Path Traversal |
|---|
| विवरण | A CWE-22 (Path Traversal) vulnerability exists in the sendWhatsAppMessage function at main.go:237. The mediaPath parameter, received from user input via the /api/send HTTP endpoint, is passed directly to os.ReadFile() without any validation, sanitization, or path restriction checks. The application does not verify that the provided path is within an allowed directory or sanitize path traversal sequences (../).
More Details: https://github.com/lharries/whatsapp-mcp/issues/241
|
|---|
| स्रोत | ⚠️ https://github.com/lharries/whatsapp-mcp/issues/241 |
|---|
| उपयोगकर्ता | ybdesire (UID 83239) |
|---|
| सबमिशन | 10/05/2026 02:51 PM (25 दिन पहले) |
|---|
| संयम | 31/05/2026 02:51 PM (21 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367544 [lharries whatsapp-mcp 0.0.1 Send API Endpoint whatsapp-bridge/main.go SendMessageRequest mediaPath निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|