Deepractice PromptX Absolute Path Traversal Vulnerability in Document File Handler

Vulnerability

A vulnerability allowing absolute path traversal has been identified in Deepractice PromptX versions through 2.4.0. The issue resides in the Document File Handler component, specifically within the functions read_docx, read_xlsx, read_pptx, list_xlsx_sheets, and read_pdf in the file packages/mcp-office/src/index.ts. The path argument these tools accept is not confined to the workspace, so an attacker can read arbitrary Office or PDF files from the local filesystem by supplying an absolute path, bypassing workspace boundaries. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary local file read, with a focus on Office and PDF documents, from any location on the local filesystem, bypassing intended workspace restrictions.

Reproduction

To reproduce this vulnerability, upload a file such as a DOCX or PDF outside the application's designated workspace. Then, send a request to the PromptX MCP server, using the 'tools/call' method with the 'read_docx', 'read_pdf', or similar tool names, and include the absolute path of the uploaded file as the 'path' argument. The response will contain the file's contents, demonstrating that the vulnerability has been successfully exploited.
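As a defender-side illustration added here (not PromptX's own code), the check a read_docx-style handler could run on its path argument before opening anything: resolve the argument against a caller-supplied workspace root, reject absolute paths and normalised "../" escapes, and restrict reads to the document types the handlers serve. The workspace root, the allowlist and POSIX path semantics are assumptions of this example.

```typescript
import * as path from "path";

// POSIX semantics so the example behaves the same on every platform; a real
// handler would use the platform-aware `path` module with the same logic.
const P = path.posix;

// Assumed allowlist matching the document types these handlers serve.
const DOCUMENT_EXTENSIONS = new Set([".docx", ".xlsx", ".pptx", ".pdf"]);

type PathCheck = { ok: true; path: string } | { ok: false; reason: string };

/**
 * Resolve a caller-supplied `path` argument against the workspace root and
 * refuse anything that would land outside it. The vulnerable pattern is a
 * handler passing the argument straight to a file read; here an absolute
 * path is rejected outright and "../" hops are caught after normalisation.
 */
function resolveInWorkspace(workspaceRoot: string, userPath: string): PathCheck {
  if (typeof userPath !== "string" || userPath === "" || userPath.includes("\0")) {
    return { ok: false, reason: "invalid path argument" };
  }
  if (P.isAbsolute(userPath)) {
    return { ok: false, reason: "absolute paths are not accepted" };
  }
  const root = P.resolve(workspaceRoot);
  const target = P.resolve(root, userPath);
  const rel = P.relative(root, target);
  // The target must be a strict descendant of root: a non-empty relative path
  // that is neither ".." nor starts with "../" (a sibling like "..foo" is fine).
  if (rel === "" || rel === ".." || rel.startsWith(".." + P.sep)) {
    return { ok: false, reason: "path escapes the workspace" };
  }
  // If the file exists, also run fs.realpath() on `target` and repeat the
  // relative check so a symlink inside the workspace cannot point outside it.
  return { ok: true, path: target };
}

/** Containment plus the document-type allowlist, as a read_* handler would call it. */
function resolveDocumentPath(workspaceRoot: string, userPath: string): PathCheck {
  const checked = resolveInWorkspace(workspaceRoot, userPath);
  if (!checked.ok) return checked;
  if (!DOCUMENT_EXTENSIONS.has(P.extname(checked.path).toLowerCase())) {
    return { ok: false, reason: "not an Office or PDF document" };
  }
  return checked;
}
```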

Added: Apr 28, 2026, 3:21 AM
Updated: Apr 28, 2026, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         0.8
exploitability: 8.7
remediation:    0.0
relevance:      6.6
threat:         6.4
urgency:        2.9
incentive:      4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.