A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
A path traversal vulnerability exists in the code-mcp MCP File Handler component that allows remote attackers to access files outside intended directories through improper validation in the is_safe_path function. The vulnerability affects versions up to commit 4cfc464 and has been publicly disclosed with no vendor response.
A path traversal vulnerability was discovered in the MCP File Handler component of code-mcp that allows attackers to access files outside the intended directories. The vulnerability affects versions up to the specified commit and was publicly disclosed without a response from the vendor.
A path traversal vulnerability in code-mcp's MCP File Handler allows remote attackers to bypass file access restrictions and read arbitrary files on affected systems. The vulnerability remains unpatched as the vendor has not responded to early disclosure notifications.
Update code-mcp to the latest version beyond commit 4cfc464 when available; implement additional input validation and canonicalization of file paths; restrict file handler access to whitelisted directories; monitor for suspicious file access patterns; consider disabling MCP File Handler if not required.
Update code-mcp to the latest available version after the mentioned commit; apply additional input validation and normalization of file paths; restrict file handler access to whitelisted directories; monitor for suspicious file access patterns; consider disabling the MCP File Handler if it is not required.
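As an added illustration of the canonicalization and allowlist check the mitigation describes, the following is example code written for this page, not the project's own is_safe_path; the directory names and the naive check shown for contrast are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def is_safe_path(root: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a location inside `root`.

    Both sides are canonicalized (".." collapsed, symlinks followed) and then
    compared segment-wise with relative_to, so a sibling directory that merely
    shares a string prefix with root does not pass.
    """
    root_path = Path(root).resolve()
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root_path / candidate
    # strict=False: a not-yet-existing target still gets its ancestors resolved.
    resolved = candidate.resolve(strict=False)
    try:
        resolved.relative_to(root_path)
    except ValueError:
        return False
    return True


def naive_is_safe_path(root: str, requested: str) -> bool:
    """Contrast only: a prefix test on the joined string. It accepts
    `<root>2/...` and never follows symlinks, so it is not a containment check."""
    joined = os.path.normpath(os.path.join(root, requested))
    return joined.startswith(root)


def demo() -> dict:
    """Constructed fixture: an allowlisted root, a sibling dir sharing its
    prefix, and a symlink inside root that points outside. Returns
    {case: (hardened_result, naive_result)} for each request."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        sibling = os.path.join(tmp, "workspace2")
        os.makedirs(root)
        os.makedirs(sibling)
        Path(sibling, "secret.txt").write_text("outside the allowlist")
        os.symlink(sibling, os.path.join(root, "link"))
        cases = {
            "plain": "notes.txt",
            "dotdot": "../workspace2/secret.txt",
            "prefix_sibling": os.path.join(sibling, "secret.txt"),
            "symlink_escape": "link/secret.txt",
        }
        return {name: (is_safe_path(root, r), naive_is_safe_path(root, r))
                for name, r in cases.items()}
```

Only the plain request is accepted by the hardened check; the naive prefix test accepts all four, which is the gap canonicalization plus a segment-wise containment comparison closes.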