| Название | douinc mkdocs-mcp-plugin 0.4.1 Path Traversal |
|---|
| Описание | mkdocs-mcp-plugin is intended to read documentation from a MkDocs docs directory, but its MCP tools trust caller-supplied path components too broadly:
read_document(file_path, docs_dir="docs")
list_documents(docs_dir="docs")
The implementation uses Path(docs_dir) / file_path and Path(docs_dir).rglob("*.md") directly, without resolving the resulting path and verifying that it remains inside the intended documentation root. An attacker can therefore use .. segments or override docs_dir to access markdown files outside the project's docs directory.
|
|---|
| Источник | ⚠️ https://github.com/douinc/mkdocs-mcp-plugin/issues/6 |
|---|
| Пользователь | SmallW (UID 97245) |
|---|
| Представление | 10.04.2026 13:41 (2 месяцы назад) |
|---|
| Модерация | 26.04.2026 22:16 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 359758 [douinc mkdocs-mcp-plugin до 0.4.1 server.py read_document/list_documents docs_dir/file_path обход каталога] |
|---|
| Баллы | 20 |
|---|