| Title | geldata gel-mcp 0.1.0 Path Traversal |
|---|---|
| Description | gel-mcp exposes two rule-related tools: list_rules(), which enumerates the bundled Markdown rule files under RULES_DIR, and fetch_rule(rule_name), which is supposed to return one of those bundled files by name. The implementation of fetch_rule() joins the attacker-controlled rule_name directly under RULES_DIR with a plain path join and then calls exists() / read_text() on the result, without checking that the resulting path still lies inside RULES_DIR. Because the code rejects neither path separators, nor traversal tokens, nor absolute paths (which replace the base directory entirely in a path join), a caller can request files outside the bundled rule directory. For example, ../../../../../pyproject.toml resolves from src/gel_mcp/static/gel-ai-rules/src/ back to the repository root and returns the project's pyproject.toml instead of a packaged rule file. |
| Source | ⚠️ https://github.com/geldata/gel-mcp/issues/11 |
| User | LargeW (UID 97302) |
| Submitted | 2026-04-13 14:18 (2 months ago) |
| Moderated | 2026-04-29 14:53 (16 days later) |
| Status | Accepted |
| VulDB Entry | 360139 [geldata gel-mcp 0.1.0 src/gel_mcp/server.py list_rules/fetch_rule rule_name Directory Traversal] |
| Points | 20 |
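As an added illustration (this is not code from gel-mcp, the report, or the linked issue), the following block reproduces the join-then-read pattern described above beside a hardened fetch_rule. The directory tree, the function names (build_fixture, fetch_rule_vulnerable, fetch_rule_hardened) and the stand-in for RULES_DIR are all constructed for the example; the hardened version combines three independent checks: the name must be a bare file name, it must appear in the list_rules() allowlist, and the resolved target must remain inside the resolved rule directory (which also covers symlinked rule files pointing elsewhere).

```python
from pathlib import Path
from typing import List, Optional
import tempfile


def build_fixture() -> "tuple[Path, Path]":
    """Construct a throwaway tree mimicking the layout in the report:

        <root>/pyproject.toml          <- outside the rule directory
        <root>/rules/safe.md           <- the only bundled rule

    Returns (root, rules_dir); rules_dir stands in for RULES_DIR.
    """
    root = Path(tempfile.mkdtemp())
    (root / "pyproject.toml").write_text('[project]\nname = "demo"\n')
    rules_dir = root / "rules"
    rules_dir.mkdir()
    (rules_dir / "safe.md").write_text("# a bundled rule\n")
    return root, rules_dir


def list_rules(rules_dir: Path) -> List[str]:
    """Enumerate bundled rule files by bare name (the allowlist)."""
    return sorted(p.name for p in rules_dir.iterdir()
                  if p.is_file() and p.suffix == ".md")


def fetch_rule_vulnerable(rules_dir: Path, rule_name: str) -> Optional[str]:
    """The pattern the report describes: join, exists(), read_text().

    pathlib does not normalise '..', and an absolute rule_name replaces
    rules_dir entirely, so both traversal and absolute paths escape.
    """
    path = rules_dir / rule_name
    if not path.exists():
        return None
    return path.read_text()


def fetch_rule_hardened(rules_dir: Path, rule_name: str) -> Optional[str]:
    """Return a bundled rule, or None for anything that is not one."""
    # 1. rule_name must be a bare file name: no separators, no '.', no '..'.
    #    Path("../x").name == "x" != "../x", so any separator trips this.
    if rule_name in ("", ".", "..") or Path(rule_name).name != rule_name:
        return None
    # 2. Allowlist: only names list_rules() would have advertised.
    if rule_name not in list_rules(rules_dir):
        return None
    # 3. Containment after resolving symlinks, as defence in depth.
    base = rules_dir.resolve()
    target = (base / rule_name).resolve()
    if not target.is_relative_to(base):
        return None
    return target.read_text()


if __name__ == "__main__":
    root, rules_dir = build_fixture()
    for name in ("safe.md", "../pyproject.toml", str(root / "pyproject.toml")):
        print(repr(name),
              "vulnerable:", fetch_rule_vulnerable(rules_dir, name) is not None,
              "hardened:", fetch_rule_hardened(rules_dir, name) is not None)
```

Running the block shows that the traversal name and the absolute path both read pyproject.toml through the vulnerable function while the hardened one refuses them and still serves safe.md. Check 1 alone is enough to stop this report's payloads; checks 2 and 3 are there so that a future change to how RULES_DIR is populated (for example, a symlink dropped into it) does not silently reopen the hole.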