Kkkkko

**Name of the Vulnerable Software and Affected Versions** debugmcp mcp-debugger versions prior to 0.20.1 **Description** A path traversal issue exists in the `handleGetSourceContext()` function within the `src/server.ts` file. This flaw allows a remote attacker to manipulate file paths to access unauthorized directories or files on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dazeb cline-mcp-memory-bank versions up to 55c81b9cf6c16700983c84dc4cdea3cafa19a75f **Description** A remote path traversal flaw exists in the `handleInitializeMemoryBank()` function within the `src/index.ts` file. This issue occurs when the `projectPath` argument is manipulated, allowing an attacker to access files or directories outside the intended folder. **Recommendations** As a temporary workaround, restrict or validate the input provided to the `projectPath` argument in the `handleInitializeMemoryBank()` function to prevent path traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dazeb markdown-downloader versions up to 3d4394b34b6c99d81af817623af55e3384df5a6a **Description** A flaw in the `create subdirectory()` function within the `download markdown/list downloaded files` path of the `src/index.ts` file allows for remote path traversal. Path traversal is a technique that enables an attacker to access files and directories that are stored outside the intended folder. **Recommendations** As a temporary workaround, consider restricting the use of the `create subdirectory()` function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** c-rick jimeng-mcp version 1.10.0 **Description** Path traversal can be triggered remotely through the manipulation of the `filePath` argument. This issue affects the `getFileContent()`, `uploadCoverFile()`, `generateImage()`, and `generateVideo()` functions within the `src/api.ts` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.