| Title | donchelo processing-claude-mcp-bridge e017b20a4b592a45531a6392f494007f04e661bd Path Traversal |
|---|---|
| Description | processing-claude-mcp-bridge exposes tools for creating, updating, and running Processing sketches. The documentation says sketch_name should be the sketch name only, but the implementation directly concatenates that value into Windows filesystem paths using os.path.join(...) and never checks that the final path stays under PROCESSING_SKETCH_DIR. An attacker can therefore supply traversal sequences such as ..\\..\\Desktop\\evil and cause the server to create directories and write .pde files outside the intended Processing sketch root. On the hardcoded Windows deployment path used by the project, this escapes from C:\Users\chelo\OneDrive\Documentos\Processing into sibling directories such as the user's Desktop. |
| Source | ⚠️ https://github.com/donchelo/processing-claude-mcp-bridge/issues/1 |
| User | CPT_Penner (UID 97246) |
| Submission | 10.04.2026 15:42 (18 days ago) |
| Moderation | 27.04.2026 17:21 (17 days later) |
| Status | accepted |
| VulDB entry | 359816 [donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd create_sketch Tool processing_server.py sketch_name path traversal] |
| Points | 20 |
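
The missing containment check described above, as an added example that is not code from the project or from the VulDB entry. The function names are hypothetical, the one-folder-per-sketch layout is an assumption, and `ntpath` is used so that Windows path rules apply on any OS.

```python
import ntpath  # Windows path semantics, importable on every platform

# Sketch root as quoted in the description above.
SKETCH_ROOT = r"C:\Users\chelo\OneDrive\Documentos\Processing"


def naive_sketch_path(sketch_name: str) -> str:
    """Pattern the description reports: join the name and use it unchecked.
    normpath is applied only to show where the OS would resolve the path."""
    return ntpath.normpath(ntpath.join(SKETCH_ROOT, sketch_name))


def is_inside_root(path: str, root: str = SKETCH_ROOT) -> bool:
    """True if path resolves (lexically) to root or below it."""
    root_n = ntpath.normcase(ntpath.normpath(root))
    path_n = ntpath.normcase(ntpath.normpath(path))
    try:
        # commonpath compares whole components, so a sibling such as
        # "Processing2" is not mistaken for a child of "Processing".
        return ntpath.commonpath([root_n, path_n]) == root_n
    except ValueError:  # different drives, or absolute mixed with relative
        return False


def safe_sketch_dir(sketch_name: str) -> str:
    """Hypothetical hardened resolver: bare-name input plus containment check."""
    # Layer 1: enforce the documented contract (a sketch name, not a path).
    if (not sketch_name or sketch_name in (".", "..")
            or any(ch in sketch_name for ch in "\\/:")):
        raise ValueError(f"sketch_name must be a bare name: {sketch_name!r}")
    # Layer 2: verify the final path, whatever layer 1 let through.
    candidate = ntpath.normpath(ntpath.join(SKETCH_ROOT, sketch_name))
    if not is_inside_root(candidate):
        raise ValueError(f"path escapes sketch root: {candidate!r}")
    # The checks above are lexical; on a real Windows host resolve with
    # os.path.realpath first so junctions and symlinks are followed.
    return candidate


if __name__ == "__main__":
    # Constructed inputs; the first is the sequence from the description.
    for name in [r"..\..\Desktop\evil", "MySketch", r"D:\x", r"\Windows"]:
        print(f"{name!r:24} naive -> {naive_sketch_path(name)}")
        try:
            print(f"{'':24} safe  -> {safe_sketch_dir(name)}")
        except ValueError as exc:
            print(f"{'':24} safe  -> rejected ({exc})")
```
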