Mastra Directory Traversal Vulnerability in Documentation Server
Vulnerability
A directory traversal vulnerability has been identified in the Mastra framework's documentation server package, `@mastra/mcp-docs-server`, affecting versions 0.13.8 through 0.13.20-alpha.0. The server exposes documentation browsing as an MCP tool, and a crafted path argument allows the caller to bypass the path-containment check and obtain directory listings from arbitrary locations on the user's filesystem, including the home directory. The root cause is a check-then-use mismatch: the requested path is validated once, but the logic that follows re-derives and uses the path without applying the same sanitization, so the value actually passed to the directory listing is not the value that was checked.
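The following is an added illustration of that bug class, written for this page and not taken from Mastra's source: a handler that validates the raw request and then lists a directory derived from a differently transformed copy of the input (here, URL-decoded after the check, a hypothetical stand-in for the unsanitized re-derivation described above), beside a hardened version that canonicalizes once and uses exactly the value it checked. The fixture directory, file names and handler names are all constructed for the demonstration.

```typescript
// Added example, not Mastra's code: check-then-use path traversal and its fix.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Constructed fixture: a docs root two levels below a fake "home" directory
// that holds a file the docs server should never be able to enumerate.
//   <tmp>/.ssh/id_ed25519          <- sensitive, outside the docs root
//   <tmp>/project/docs/index.md    <- the only thing that should be listable
function makeFixture(): { docsRoot: string; home: string } {
  const home = fs.mkdtempSync(path.join(os.tmpdir(), "traversal-demo-"));
  const docsRoot = path.join(home, "project", "docs");
  fs.mkdirSync(docsRoot, { recursive: true });
  fs.mkdirSync(path.join(home, ".ssh"));
  fs.writeFileSync(path.join(home, ".ssh", "id_ed25519"), "not-a-real-key\n");
  fs.writeFileSync(path.join(docsRoot, "index.md"), "# docs\n");
  return { docsRoot, home };
}

// Containment check shared by both handlers. Using path.relative instead of a
// bare startsWith(root) avoids accepting a sibling such as "/docs-evil" when
// the root is "/docs".
function isInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  if (rel === "") return true;
  return !path.isAbsolute(rel) && rel.split(path.sep)[0] !== "..";
}

// VULNERABLE (hypothetical pattern): the check runs on the raw request, but a
// later step transforms the request again and lists *that* path. The check
// never saw the value that is used, so it constrains nothing.
function listDocsVulnerable(docsRoot: string, requested: string): string[] {
  const checked = path.resolve(docsRoot, requested);
  if (!isInside(docsRoot, checked)) {
    throw new Error(`refused: ${requested} is outside ${docsRoot}`);
  }
  // "%2e%2e%2f" was one harmless-looking segment above; after decoding it is "../".
  const target = path.resolve(docsRoot, decodeURIComponent(requested));
  return fs.readdirSync(target);
}

// HARDENED: apply every transform first, canonicalize (realpath also defeats
// symlink escapes), check the final value, and use only that value.
function listDocsHardened(docsRoot: string, requested: string): string[] {
  const target = path.resolve(docsRoot, decodeURIComponent(requested));
  const rootReal = fs.realpathSync(docsRoot);
  let real: string;
  try {
    real = fs.realpathSync(target);
  } catch {
    throw new Error(`refused: ${requested} does not exist under ${docsRoot}`);
  }
  if (!isInside(rootReal, real)) {
    throw new Error(`refused: ${requested} resolves outside ${docsRoot}`);
  }
  return fs.readdirSync(real);
}

// Runs both handlers against a traversal payload and a benign request.
function demo(): { vulnerable: string[]; hardenedRefused: boolean; benign: string[] } {
  const { docsRoot, home } = makeFixture();
  const payload = "%2e%2e%2f%2e%2e%2f"; // decodes to "../../" -> the fake home dir
  try {
    const vulnerable = listDocsVulnerable(docsRoot, payload);
    let hardenedRefused = false;
    try {
      listDocsHardened(docsRoot, payload);
    } catch {
      hardenedRefused = true;
    }
    const benign = listDocsHardened(docsRoot, ".");
    return { vulnerable, hardenedRefused, benign };
  } finally {
    fs.rmSync(home, { recursive: true, force: true });
  }
}

console.log(JSON.stringify(demo(), null, 2));
```

The vulnerable handler returns the contents of the fake home directory (including `.ssh`) for the encoded payload, while the hardened one refuses it and still serves the legitimate docs listing. The fix is not the decoding step itself; it is that every transformation of untrusted input must precede the containment check, and the checked value must be the one handed to the filesystem.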
Impact
Exploitation yields unauthorized directory listings from locations outside the documentation tree, such as the user's home directory. The listing is returned to the AI assistant as tool output, so an attacker who can steer the assistant learns the layout of the filesystem and the names of files and directories (for example, the presence of credential stores, keys, or other projects) that the documentation server was never meant to expose.
Reproduction
The vulnerability can be reproduced by injecting a crafted prompt into an AI coding assistant that has the Mastra MCP docs server configured as a tool, such as Cursor IDE. The prompt instructs the assistant to call the documentation tool with a path traversal payload; the assistant issues the tool call, the server performs the listing, and the resulting directory listing from the user's home directory is returned in the conversation. Because the prompt can arrive through any content the assistant reads, the user need not type it themselves.
Remediation
Users are advised to update to version 0.17.0 or later, where this vulnerability has been fixed. Since MCP clients often launch the server on demand from their own configuration rather than from a project's dependencies, confirm the version that the client actually resolves and runs, not only the one recorded in a project lockfile.
