Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Filesystem MCP 安全漏洞
Vulnerability Description
Filesystem MCP是Sylphx开源的一个MCP文件系统服务器。 Filesystem MCP 0.5.8版本存在安全漏洞,该漏洞源于路径验证机制中符号链接处理不当,可能导致绕过目录限制,访问未授权文件。
CVSS Information
N/A
Vulnerability Type
N/A