Brucejqs

**Name of the Vulnerable Software and Affected Versions** puchunjie doc-tools-mcp version 1.0.18 **Description** A path traversal flaw exists in the MCP Interface component within the file `src/mcp-server.ts`. Remote attackers can exploit this by manipulating the `filePath` argument used in the `create document()` and `open document()` functions. Path traversal is a technique that allows an attacker to access files and directories outside the intended folder by using special character sequences. **Recommendations** As a temporary workaround, restrict or validate the `filePath` argument used in the `create document()` and `open document()` functions to prevent unauthorized directory access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ravenwits mcp-server-arangodb versions prior to 0.4.8 **Description** A path traversal issue exists in the MCP Interface component within the `arango backup()` function of the `src/tools.ts` file. A remote attacker can manipulate the `outputDir` argument to access or traverse directories outside the intended path. **Recommendations** Update to a version later than 0.4.7. As a temporary workaround, restrict or validate the input provided to the `outputDir` argument in the `arango backup()` function.

**Name of the Vulnerable Software and Affected Versions** ryanjoachim mcp-rtfm version 0.1.0 **Description** A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the `docFile` argument within the `get doc content()`, `read doc()`, and `update doc()` functions to access or modify files outside the intended directory. **Recommendations** Apply patch e6f0686fc36012f78236e7fed172c81444904b0b to version 0.1.0.

**Name of the Vulnerable Software and Affected Versions** pixelsock directus-mcp version 1.0.0 **Description** A flaw in the MCP Interface component allows for server-side request forgery (SSRF), a condition where an attacker can induce the server to make requests to an unintended location. This occurs through the manipulation of the `fileUrl` argument within the `validateUrl()` function located in the index.ts file. The attack can be executed remotely. **Recommendations** As a temporary workaround, restrict the use of the `validateUrl()` function until the pending pull request is accepted and a fix is released.

**Name of the Vulnerable Software and Affected Versions** privsim mcp-test-runner version 0.2.0 **Description** A flaw in the MCP Interface component allows for remote OS command injection. This occurs through the manipulation of the `command` argument within the `child process.spawn()` function located in the `src/index.ts` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `child process.spawn()` function or the MCP Interface component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pskill9 website-downloader versions prior to 0.1.1 **Description** An OS command injection issue exists in the MCP Interface component within the `download website()` function of the `src/index.ts` file. A remote attacker can trigger this by manipulating the `outputPath` argument. OS command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the use of the `outputPath` argument in the `download website()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ruvnet sublinear-time-solver version 1.5.0 **Description** A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the `export state()` function within the `src/consciousness-explorer/mcp/server.js` file to access files and directories outside the intended folder. Path traversal is a technique that allows an attacker to read or write files on the server by manipulating file paths. **Recommendations** As a temporary workaround, restrict access to the `export state()` function in the MCP Interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** r-huijts mcp-server-rijksmuseum versions prior to 1.0.5 **Description** A flaw in the MCP Interface component allows remote OS command injection. The issue exists within the `open image in browser()` function located in the `src/index.ts` file, where manipulation of the `imageUrl` variable can be used to execute arbitrary operating system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `open image in browser()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 8nite metatrader-4-mcp version 1.0.0 **Description** A path traversal issue exists in the `sync ea from file` component within the `CallToolRequestSchema()` function located in the `src/index.ts` file. Remote attackers can exploit this by manipulating the `ea name` argument. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables that reference files with dot-dot-slash (../) sequences. **Recommendations** As a temporary workaround, restrict the use of the `ea name` argument in the `CallToolRequestSchema()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.