漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder
Vulnerability Description
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the input does not alter the scheme, host, or user info, it relies on ResolveReference for the final URL resolution. Because dot segments (../) are normalized during this resolution step, an attacker can supply path parameters containing directory traversal sequences to escape the operator-configured path scope. This allows the client to coerce the toolbox into making requests to unintended endpoints on the same target host while forwarding the toolbox's configured credentials (e.g., bypassing a restricted path like /api/v1/users/{{.id}} to reach /admin/secrets).
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Google MCP Toolbox for Databases 路径遍历漏洞
Vulnerability Description
Google MCP Toolbox for Databases (googleapis/mcp-toolbox)是美国Google公司的一个数据库管理工具箱。 Google MCP Toolbox for Databases 1.3.0之前版本存在路径遍历漏洞,该漏洞源于HTTP工具URL构建器中的路径遍历问题,URL构建器依赖ResolveReference进行最终URL解析,由于点片段(../)在此解析步骤中被规范化,攻击者可提供包含目录遍历序列的路径参数绕过操作员配置的路径范围,导致客户端强制工具
CVSS Information
N/A
Vulnerability Type
N/A