Submit #804390: ggerve coding-standards-mcp c21ab2754684329eab4feb72427dc9acfe61e52f Path Traversalinfo

Titleggerve coding-standards-mcp c21ab2754684329eab4feb72427dc9acfe61e52f Path Traversal
DescriptionThe server is supposed to serve Markdown templates from its bundled templates directory. Instead, both exported tools construct filenames from untrusted language input and pass them into read_template(): get_style_guide(language) builds f"{language}_style_guide.md" get_best_practices(language) builds f"{language}_best_practices.md" read_template() then does os.path.join(os.path.dirname(__file__), "templates", filename) and opens the resulting path directly. Because neither the input nor the resolved path is validated, traversal strings such as ../../../../tmp/secret escape templates/ and read files like /tmp/secret_style_guide.md.
Source⚠️ https://github.com/ggerve/coding-standards-mcp/issues/3
User
 LargeW (UID 97302)
Submission04/14/2026 13:48 (3 months ago)
Moderation05/01/2026 11:30 (17 days later)
StatusAccepted
VulDB entry360541 [ggerve coding-standards-mcp server.py get_style_guide/get_best_practices Language path traversal]
Points20

Want to know what is going to be exploited?

We predict KEV entries!