| Title | c-rick jimeng-mcp dfba9045f07d4bf8601d3e5e28b55e04a8f68970 Path Traversal |
|---|
| Description | # Multiple Vulnerabilities in c-rick/jimeng-mcp (Path Traversal + SSRF)
## Identification
- **Project:** jimeng-mcp
- **Repository:** https://github.com/c-rick/jimeng-mcp
- **Affected Version/Commit:** dfba9045f07d4bf8601d3e5e28b55e04a8f68970
## CVE Description
### 1) Path Traversal / Arbitrary File Read
The API accepts a user-controlled `filePath` and reads it directly via `path.resolve(filePath)` followed by `fs.promises.readFile(...)`, with no check that the resolved path stays under an intended root. Because `path.resolve` resolves relative input against the process working directory and passes absolute input through unchanged, a caller can name any file the process has permission to read.
### 2) SSRF
The same user-controlled `filePath` is treated as a URL whenever it contains `http://` or `https://` (tested with `includes`, not a prefix check) and is fetched directly via `axios.get(filePath)` with no host allowlist and no protection against private or internal network targets. The server can therefore be made to issue requests to attacker-controlled or internal endpoints.
## Affected Component
- **File(s):** `src/api.ts`
- **Function / Method:** `getFileContent`, `uploadCoverFile`, `generateImage`, `generateVideo`
- **Entry Point:** user-controlled `filePath` parameters passed to image/video generation flow
## Reproduction Summary
### Path Traversal
1. Supply an attacker-controlled local path (relative or absolute) through `filePath`.
2. The code executes `path.resolve(filePath)` and then `fs.promises.readFile(absolutePath)`.
3. No root-boundary enforcement is applied before the file is read.
### SSRF
1. Supply an attacker-controlled URL in `filePath` (e.g., `http://...` / `https://...`).
2. The code enters the URL branch and performs `axios.get(filePath, { responseType: 'arraybuffer' })`.
3. No URL allowlist or private-network guard is applied before the request is sent.
## Technical Details
```ts
// src/api.ts
public async getFileContent(filePath: string): Promise<Buffer> {
  try {
    // Remote branch: any string that merely contains "http://" or "https://"
    // is fetched as-is, with no host allowlist and no private-network check (SSRF).
    if (filePath.includes('https://') || filePath.includes('http://')) {
      const res = await axios.get(filePath, { responseType: 'arraybuffer' });
      return Buffer.from(res.data);
    } else {
      // Local branch: the path is resolved against the process cwd and read
      // without any check that it stays under an intended root (path traversal).
      const absolutePath = path.resolve(filePath);
      return await fs.promises.readFile(absolutePath);
    }
  } catch (error) {
    // Quoted from the project unchanged. The message reads "failed to read file:
    // filePath" (the literal word, since the template has no ${} interpolation).
    throw new Error(`读取文件失败: filePath`);
  }
}
```
```ts
// src/api.ts (upstream call path)
const imageRes = await this.getFileContent(filePath);
```
## Validation Notes
- Local file reads: no boundary check (resolving the path and verifying it stays under an allowed root) was observed before `readFile`.
- Remote fetches: no URL allowlist and no blocking of loopback or private-network destinations was observed before `axios.get`.
## PoC / Screenshots
Screenshot 1: getFileContent local-file branch (path.resolve + readFile)
<img width="990" height="219" alt="Image" src="https://github.com/user-attachments/assets/db6a58a3-9732-4176-b2d9-443728dfda71" />
Screenshot 2: caller flow (uploadCoverFile -> getFileContent(filePath))
<img width="801" height="138" alt="Image" src="https://github.com/user-attachments/assets/42ad7fd2-7e94-4c93-b0bf-f0af41eef421" />
|
|---|
| Source | ⚠️ https://github.com/c-rick/jimeng-mcp/issues/15 |
|---|
| User | Anonymous User |
|---|
| Submission | 27.04.2026 10:56 (1 month ago) |
|---|
| Moderation | 24.05.2026 11:09 (27 days later) |
|---|
| Status | accepted |
|---|
| VulDB Entry | 365454 [c-rick jimeng-mcp 1.10.0 src/api.ts filePath path traversal] |
|---|
| Points | 20 |
|---|