mcp-markdownify-server Files or Directories Accessible to External Parties Vulnerability

Vulnerability

A vulnerability exists in all published versions of the mcp-markdownify-server package: files and directories on the host are accessible to external parties through the 'get-markdown-file' tool. An attacker who can get a crafted prompt processed by the MCP host can direct the tool to read arbitrary files from the system the server runs on, because the tool does not confine the requested path to an allowed directory.

Impact

Exploitation of this vulnerability leads to unauthorized read access to sensitive files on the system where mcp-markdownify-server is running, with the server's own privileges; whatever the server process can read, the prompt can exfiltrate through the tool's response.

Reproduction

To reproduce this vulnerability, invoke the 'get-markdown-file' tool with a file path. The server reads the file at that path and returns its contents. If the 'MD_SHARE_DIR' environment variable is not set, no boundary is applied and the server reads files from any location on the host, including sensitive system files.
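The following is an added illustration in TypeScript, not the project's own code and not the fix committed to its repository: it places the unconfined path resolution the advisory describes beside a confined form that fails closed when the share directory is unset, rejects '..' and absolute paths, and re-checks the boundary after resolving symlinks. All function names (resolveUnconfined, resolveSharedPath, getMarkdownFile, buildFixture) and the temporary share directory are hypothetical; the fixture files are constructed inline so the example runs offline.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Vulnerable shape described in the advisory (hypothetical reconstruction,
// not the project's code): the tool resolves whatever path it is given and
// reads it. With no MD_SHARE_DIR there is no boundary at all.
export function resolveUnconfined(requested: string): string {
  return path.resolve(requested);
}

// Hardened form: confine the request to a share directory. A lexical check
// handles "..", absolute paths and a missing root; a realpath check then
// stops a symlink placed inside the share from pointing outside it.
export function resolveSharedPath(requested: string, shareDir: string | undefined): string | null {
  if (!shareDir) return null; // fail closed when unconfigured
  const root = path.resolve(shareDir);
  const candidate = path.resolve(root, requested); // an absolute request replaces root; caught below
  const rel = path.relative(root, candidate);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  let real: string;
  let realRoot: string;
  try {
    real = fs.realpathSync(candidate); // follows symlinks; throws if the file is missing
    realRoot = fs.realpathSync(root);
  } catch {
    return null; // nothing to serve
  }
  const realRel = path.relative(realRoot, real);
  if (realRel === ".." || realRel.startsWith(".." + path.sep) || path.isAbsolute(realRel)) {
    return null; // symlink escaped the share directory
  }
  return real;
}

// get-markdown-file style handler (hypothetical): returns the file text, or
// an error string that names the request without revealing host paths.
export function getMarkdownFile(requested: string, shareDir = process.env.MD_SHARE_DIR): string {
  const target = resolveSharedPath(requested, shareDir);
  if (target === null) return `error: '${requested}' is not inside the configured share directory`;
  if (!/\.(md|markdown)$/i.test(target)) return `error: '${requested}' is not a markdown file`;
  return fs.readFileSync(target, "utf8");
}

// Constructed fixture: a share directory with one note, a file outside it,
// and a symlink inside the share that points at the outside file.
export function buildFixture(): { share: string; outside: string } {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "mdshare-"));
  const share = path.join(base, "share");
  fs.mkdirSync(share);
  fs.writeFileSync(path.join(share, "notes.md"), "# hello\n");
  const outside = path.join(base, "secret.md");
  fs.writeFileSync(outside, "top secret\n");
  try {
    fs.symlinkSync(outside, path.join(share, "link.md"));
  } catch {
    // platforms without symlink support simply skip that case
  }
  return { share, outside };
}
```

The two-stage check matters: a lexical check alone accepts 'link.md' because it sits inside the share directory, and a realpath check alone is not enough when the target does not exist yet, so both are applied and any failure is treated as a refusal rather than a fallback to the unconfined read.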

Remediation

A fix has been committed to the master branch of the mcp-markdownify-server repository, but no fixed version has been published to the package registry yet. Until one is, run the server with 'MD_SHARE_DIR' set to a dedicated directory that contains only files intended to be shared; the reproduction above shows that the unrestricted read depends on that variable being unset.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.