| Título | duartium papers-mcp-server 0.1.0 Path Traversal |
|---|
| Descrição | The search_papers() MCP tool uses the caller-controlled topic string to derive a directory name under papers/, but it only lowercases the string and replaces spaces with underscores. Traversal sequences and path separators survive unchanged. The server then creates the directory and writes papers_info.json inside it. A topic such as ../../../../tmp/papers_poc therefore escapes the intended papers/ workspace and creates or overwrites /tmp/papers_poc/papers_info.json. |
|---|
| Fonte | ⚠️ https://github.com/duartium/papers-mcp-server/issues/1 |
|---|
| Utilizador | SmallW (UID 97245) |
|---|
| Submissão | 10/04/2026 14h41 (há 2 meses) |
|---|
| Moderação | 27/04/2026 16h02 (17 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 359805 [duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598 src/main.py search_papers topic Travessia de Diretório] |
|---|
| Pontos | 20 |
|---|