dexhunter kaggle-mcp Path Traversal Vulnerability in prepare_kaggle_dataset Function

A path traversal vulnerability has been identified in the dexhunter kaggle-mcp project, specifically in version 0.1.0 prior to the commit 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. The issue arises in the prepare_kaggle_dataset function within src/kaggle_mcp/server.py. The vulnerability allows for manipulation of the competition_id argument, leading to unauthorized directory traversal. This issue can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary directory creation outside the intended data directory, which could disrupt application functionality or clutter the filesystem. Additionally, if the created directories are used to store or access files, this could lead to unauthorized exposure of sensitive information.

Reproduction

To reproduce this vulnerability, invoke the prepare_kaggle_dataset tool with a competition_id argument that includes traversal sequences, such as '../../../../tmp/kaggle-poc'. This will create a directory at the specified path, escaping the intended data directory.

Remediation

It is recommended to validate the competition_id against a strict regex pattern for Kaggle slugs, ensure that the final dataset path does not escape the designated cache root, and run the server with a low-privilege account in a sandboxed environment.