| Title | wonderwhy-er DesktopCommanderMCP 0.2.13 wonderwhy-er |
|---|
| Description | Directory Traversal via Symbolic Link Bypass Leading to Arbitrary Read/Write
The isPathAllowed function for validating file operations is vulnerable to a security bypass using symbolic links (symlinks). The function does a good job of validating traditional directory traversal attacks (e.g., ../../../) by normalising the path. It validates that a path string starts with an allowed directory, but it does not resolve symlinks. An attacker can create a symlink inside an allowed directory that points to a restricted location. The check will pass, but the subsequent file operation will follow the symlink, leading to an arbitrary file read/write.
This vulnerability completely bypasses the directory restrictions, allowing an attacker to read or write arbitrary files on the system with the permissions of the running process. This can lead to sensitive data exposure (e.g., SSH keys, configuration files) or code execution if an attacker can write to executable files. The severity would vary depending on the privileges of the user running the server. |
|---|
| Source | ⚠️ https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/219 |
|---|
| User | crem (UID 91252) |
|---|
| Submission | 10/03/2025 07:15 (6 months ago) |
|---|
| Moderation | 10/08/2025 12:41 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327606 [wonderwhy-er DesktopCommanderMCP up to 0.2.13 src/tools/filesystem.ts isPathAllowed symlink] |
|---|
| Points | 20 |
|---|