| タイトル | donchelo processing-claude-mcp-bridge e017b20a4b592a45531a6392f494007f04e661bd Path Traversal |
|---|
| 説明 | processing-claude-mcp-bridge exposes tools for creating, updating, and running Processing sketches. The documentation says sketch_name should be the sketch name only, but the implementation directly concatenates that value into Windows filesystem paths using os.path.join(...) and never checks that the final path stays under PROCESSING_SKETCH_DIR.
An attacker can therefore supply traversal sequences such as ..\\..\\Desktop\\evil and cause the server to create directories and write .pde files outside the intended Processing sketch root. On the hardcoded Windows deployment path used by the project, this escapes from C:\Users\chelo\OneDrive\Documentos\Processing into sibling directories such as the user's Desktop. |
|---|
| ソース | ⚠️ https://github.com/donchelo/processing-claude-mcp-bridge/issues/1 |
|---|
| ユーザー | CPT_Penner (UID 97246) |
|---|
| 送信 | 2026年04月10日 15:42 (18 日 ago) |
|---|
| モデレーション | 2026年04月27日 17:21 (17 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 359816 [donchelo processing-claude-mcp-bridge 迄 e017b20a4b592a45531a6392f494007f04e661bd create_sketch Tool processing_server.py sketch_name ディレクトリトラバーサル] |
|---|
| ポイント | 20 |
|---|