Submit #811428: continuedev continue v1.2.22-vscode Path Traversal (CWE-22)info

Titlecontinuedev continue v1.2.22-vscode Path Traversal (CWE-22)
Description# Technical Details A Path Traversal vulnerability exists in the `lsToolImpl` method in `core/tools/implementations/lsTool.ts` of Continue. The application fails to apply standard workspace boundary checks and explicitly overrides default security blocklists, allowing unauthenticated enumeration of the host system. # Vulnerable Code File: core/tools/implementations/lsTool.ts Method: lsToolImpl Why: The `lsTool` function omits calling the explicit `throwIfFileIsSecurityConcern(resolvedPath.displayPath)` security barrier used by other file manipulation functions. Furthermore, it explicitly overrides protective environment blocklists by utilizing the configuration `overrideDefaultIgnores: ignore()`. # Reproduction 1. Establish an external JSON-RPC connection to the Continue Core TCP server port (e.g., 3000). 2. Send a `tools/call` message JSON payload targeting the `ls` system function. 3. Inject the `dirPath` variable argument with an absolute, restricted directory path, such as `/etc`. 4. Observe the comprehensive file/directory listing of the restricted path returned in the JSON response payload. # Impact - Unauthorized local file enumeration exposing directory structures. - Leakage of sensitive software configurations or user configurations (e.g., `~/.ssh/`, `.env`) that can be chained to increase exploit impact.
Source⚠️ https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831
User
 Eric-g (UID 96879)
Submission04/23/2026 15:14 (3 months ago)
Moderation05/17/2026 11:30 (24 days later)
StatusAccepted
VulDB entry364395 [continuedev continue up to 1.2.22 JSON-RPC Server lsTool.ts lsTool dirPath path traversal]
Points20

Do you know our Splunk app?

Download it now for free!