जमा करें #854529: augmnt augments-mcp-server 7.1.0 Path Traversalजानकारी

शीर्षकaugmnt augments-mcp-server 7.1.0 Path Traversal
विवरणA vulnerability was found in augmnt/augments-mcp-server 7.1.0. The issue affects the MCP tool scan_project_deps and the parameter packageJsonPath. The scan_project_deps tool accepts a caller-controlled packageJsonPath and reads it with fs.readFile without enforcing a trusted project root, workspace boundary, file-name restriction, or traversal protection. The path is declared as a free-form string and is used directly as the file path. As a result, an MCP client that can invoke this tool can cause the server process to read arbitrary local files accessible to the server user, including absolute paths and paths containing ../ traversal. The disclosure behavior depends on the file type. If the target file is valid JSON, the file is parsed and dependency names and versions may be returned in the tool response. In the public reproduction, a planted JSON file outside the project directory was read and parsed by the server. Dependency names from that JSON file were also queried against registry.npmjs.org, causing a secondary off-host disclosure of attacker-controlled JSON key material. If the target file is not valid JSON, JSON.parse throws a SyntaxError. The error message may include a fragment of the file content, and this raw error message is returned to the caller in the notes field. In the public reproduction, reading /etc/passwd returned a parse-error note containing the beginning of the file content. This also provides a file-existence and readability oracle. Affected package: @augmnt-sh/augments-mcp-server Affected version: 7.1.0 Affected component: src/tools/v4/scan-project-deps.ts Affected entry point: dist/cli.js Affected tool: scan_project_deps Affected parameter: packageJsonPath CWE: CWE-22 / CWE-23 / CWE-200 CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Suggested severity: High Suggested remediation: resolve packageJsonPath against an operator-approved project root and enforce realpath-based containment before reading. Reject absolute paths, ../ traversal, and symlink escapes outside the trusted root. The tool should also restrict the target filename to package.json where possible, and it should not return raw parser error messages that may include file content.
स्रोत⚠️ https://github.com/augmnt/augments-mcp-server/issues/8
उपयोगकर्ता Mcfly_Zhang (UID 98877)
सबमिशन10/06/2026 02:34 AM (1 महीना पहले)
संयम12/07/2026 02:07 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377855 [augmnt augments-mcp-server 7.1.0 scan_project_deps scan-project-deps.ts scanProjectDeps packageJsonPath निर्देशिका ट्रैवर्सल]
अंक20

Want to know what is going to be exploited?

We predict KEV entries!