# Summary of Template Injection Vulnerability in coding-standard-mcp

## Vulnerability Overview

In the `coding-standards-mcp` project, the `get_style_guide` tool contains a path traversal vulnerability. An attacker can read arbitrary files outside the `templates/` directory on the server's file system by supplying a crafted `language` parameter.

## Scope of Impact

- **Affected Version**: `cfeab27`
- **Affected Scope**: Revisions of `server.py` that contain the same `read_template()` implementation logic.
- **Security Impact**:
  - **Confidentiality**: Medium (any file matching the template suffix can be read).
  - **Integrity/Availability**: No direct impact.
  - **CVSS v3.1 Score**: 5.3 (Medium)

## Remediation

1. **Input Restriction**: Restrict the `language` parameter to a fixed whitelist (e.g., `java`, `python`, `react`).
2. **Path Validation**: Resolve the final path and enforce that it resides within the `templates/` directory.
3. **Reject Illegal Characters**: Reject path separators and traversal tokens in the template selector.
4. **Code Refactoring**: Replace free-form input with an enumeration or a mapping table of known template names.
5. **Strict Validation**: If free-form input must be retained, use strict regular expression validation and ensure the resolved path is under `templates/`.
6. **Regression Testing**: Add regression tests for payloads containing characters such as `/`, `\`, and `..`.

## Proof of Concept (POC)

An attacker can invoke the `get_style_guide` tool with a `language` parameter containing traversal sequences to read the target file.

```json
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "get_style_guide",
    "arguments": {
      "language": "../../../../../tmp/secret"
    }
  }
}
```
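The remediation steps above (whitelist, path validation, rejecting separators and traversal tokens, and regression payloads) combined into one hardened template loader. This is an added example, not the project's own `read_template()` from `server.py`: it assumes templates are stored as `<language>.md` under a `templates/` directory, and the allowlist, regular expression and helper names (`validate_language`, `resolve_template_path`, `is_rejected`, `demo`) are illustrative choices, not names from the project.

```python
import re
import tempfile
from pathlib import Path

# Illustrative allowlist (assumption): the page names java, python and react as examples.
ALLOWED_LANGUAGES = frozenset({"java", "python", "react"})

# Strict selector grammar (assumption): lowercase letters, digits, '_' and '-' only.
# This rejects '/', '\\', '.' and therefore any '..' traversal token before the
# value ever touches the file system.
SAFE_NAME = re.compile(r"[a-z][a-z0-9_-]{0,31}")

# Constructed regression payloads: the separators and traversal tokens the
# advisory asks tests to cover, plus a few other malformed selectors.
REGRESSION_PAYLOADS = (
    "../../../../../tmp/secret",   # the advisory's PoC value
    "..\\..\\windows\\win.ini",     # backslash separators
    "java/../../etc/passwd",        # allowlisted prefix followed by traversal
    "python.md",                    # explicit suffix injection
    "JAVA",                         # case variant not on the allowlist
    "",                             # empty selector
)


class TemplateSelectorError(ValueError):
    """Raised when the language selector is malformed or not allowlisted."""


def validate_language(language: object) -> str:
    """Step 1, 3 and 5: regex-validate the selector, then check the allowlist."""
    if not isinstance(language, str) or not SAFE_NAME.fullmatch(language):
        raise TemplateSelectorError("invalid template selector")
    if language not in ALLOWED_LANGUAGES:
        raise TemplateSelectorError("unknown template")
    return language


def resolve_template_path(language: str, templates_dir: Path) -> Path:
    """Step 2: build the path from an already-validated name and confirm that the
    resolved file sits directly inside templates/ (defence in depth; symlinks are
    followed by resolve(), so a link pointing outside is rejected too)."""
    base = templates_dir.resolve()
    candidate = (base / f"{language}.md").resolve()
    if candidate.parent != base:
        raise TemplateSelectorError("resolved path escapes templates directory")
    return candidate


def read_template(language: str, templates_dir: Path) -> str:
    """Hardened loader: validate, resolve, then read."""
    name = validate_language(language)
    return resolve_template_path(name, templates_dir).read_text(encoding="utf-8")


def is_rejected(language: object, templates_dir: Path = Path("templates")) -> bool:
    """Step 6 helper: True when the loader refuses the selector."""
    try:
        name = validate_language(language)
        resolve_template_path(name, templates_dir)
    except TemplateSelectorError:
        return True
    return False


def demo() -> dict:
    """Self-contained check using a temporary templates/ tree with constructed
    sample files; returns what a regression test would assert on."""
    with tempfile.TemporaryDirectory() as tmp:
        templates = Path(tmp) / "templates"
        templates.mkdir()
        for lang in ALLOWED_LANGUAGES:
            (templates / f"{lang}.md").write_text(
                f"# {lang} style guide (constructed sample)\n", encoding="utf-8"
            )
        # A file outside templates/ that a traversal payload would aim at.
        (Path(tmp) / "secret").write_text("not for clients\n", encoding="utf-8")
        guide = read_template("python", templates)
        rejected = [p for p in REGRESSION_PAYLOADS if is_rejected(p, templates)]
        return {
            "python_guide": guide,
            "rejected": len(rejected),
            "total": len(REGRESSION_PAYLOADS),
        }


if __name__ == "__main__":
    print(demo())
```

The regex check alone stops every payload in the list, but the `resolve_template_path` check is kept as a second, independent control so that a future change to the selector grammar cannot silently reopen the traversal.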