Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure data accuracy, but please verify and judge according to your actual situation.
Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
Vulnerability Description
excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on the host filesystem by supplying crafted filepath arguments to any of the 25 exposed MCP tool handlers. The server is intended to confine file operations to a directory set by the EXCEL_FILES_PATH environment variable. The function responsible for enforcing this boundary — get_excel_path() — fails to do so due to two independent flaws: it passes absolute paths through without any check, and it joins relative paths without resolving or validating the result. Combined with zero authentication on the default network-facing transport and a default bind address of 0.0.0.0 (all interfaces), this allows trivial remote exploitation. This vulnerability is fixed in 0.1.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Vulnerability Title
excel-mcp-server Path Traversal Vulnerability
Vulnerability Description
excel-mcp-server is an Excel file manipulation server by the individual developer Haris that supports creating, reading and modifying workbooks. excel-mcp-server versions 0.1.7 and earlier contain a path traversal vulnerability that stems from the get_excel_path function failing to enforce the directory boundary, which may allow an unauthenticated attacker on the network to read, write and overwrite arbitrary files on the host filesystem by supplying crafted file path arguments.
CVSS Information
N/A
Vulnerability Type
N/A
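The two flaws described above (absolute paths passed through unchecked, relative paths joined without resolving the result) and the corresponding boundary check, as an added illustration in Python; this is not the project's own code, and the directory value and function names are constructed assumptions:

```python
import os

# Constructed stand-in for the directory configured via EXCEL_FILES_PATH
# (assumption for this example, not a path taken from the project).
EXCEL_FILES_PATH = "/srv/excel-files"


def get_excel_path_vulnerable(filename: str, base: str = EXCEL_FILES_PATH) -> str:
    """Hypothetical reconstruction of the flawed pattern the advisory describes
    (not the project's code): an absolute path is returned untouched, and a
    relative path is joined to the base without resolving or validating it."""
    if os.path.isabs(filename):
        return filename
    return os.path.join(base, filename)


def get_excel_path_safe(filename: str, base: str = EXCEL_FILES_PATH) -> str:
    """Confine every request to `base`: resolve the joined path and require
    that the resolved result still lies inside the resolved base directory."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, filename))
    # os.path.join discards `base_real` when `filename` is absolute, and
    # realpath collapses any '..' segments, so a single ancestor check covers
    # both the absolute-path case and the relative-traversal case. Comparing
    # with commonpath (not a string prefix) also rejects sibling directories
    # such as "/srv/excel-files-other".
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes EXCEL_FILES_PATH: {filename!r}")
    return candidate


def is_confined(filename: str, base: str = EXCEL_FILES_PATH) -> bool:
    """True when `filename` resolves to a location under `base`."""
    try:
        get_excel_path_safe(filename, base)
        return True
    except ValueError:
        return False
```

A check of this shape belongs in the one helper every tool handler calls, so that all 25 handlers inherit it rather than each validating paths separately.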