| 标题 | debugmcp mcp-debugger 3e83906c8358965efd683c734e94a75d338400fa Path Traversal |
|---|
| 描述 | A path traversal / arbitrary file read issue exists in debugmcp/mcp-debugger (tested on commit 3e83906c8358965efd683c734e94a75d338400fa). The source-context flow accepts user-controlled file input via handleGetSourceContext. In host mode, resolvePathForRuntime returns input paths unchanged, and the effective path reaches filesystem operations (readFile/stat/pathExists) without workspace boundary enforcement. This allows unauthorized reading of arbitrary absolute filesystem paths. |
|---|
| 来源 | ⚠️ https://github.com/hyk6225/public_exp/issues/1 |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2026-04-27 09時26分 (1 月前) |
|---|
| 管理 | 2026-05-24 10時58分 (27 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 365448 [debugmcp mcp-debugger 直到 0.20.0 src/server.ts handleGetSourceContext 目录遍历] |
|---|
| 积分 | 20 |
|---|