AgiFlow Scaffold-MCP Path Traversal Vulnerability in Write-to-File Tool
Vulnerability
A path traversal vulnerability allowing arbitrary file writes has been identified in AgiFlow's scaffold-mcp tool, in versions through 1.0.27. The issue lies in the write-to-file functionality, where user-supplied file paths are not properly validated, so an attacker can overwrite files on the server. The vulnerability can be exploited remotely and may lead to unauthorized modification of files and configurations.
Impact
Exploitation of this vulnerability allows for arbitrary file writes, which can overwrite existing files or create new ones. This could disrupt application functionality, corrupt configuration files, or modify user data, depending on the files targeted.
Reproduction
To reproduce this vulnerability, upload a file using the 'write-to-file' tool in the MCP Inspector. Specify a file path that is either absolute or relative to the current working directory, along with the content to be written. The tool writes the specified content to that path without proper validation, allowing path traversal and arbitrary file overwrites.
Remediation
Users are advised to upgrade to version 1.1.0 of scaffold-mcp, which addresses this vulnerability by implementing proper path validation. The updated version is available in the AgiFlow aicode-toolkit GitHub repository.
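As an added illustration, not code from scaffold-mcp or from the 1.1.0 fix, the snippet below contrasts the unvalidated resolution the advisory describes with a lexical containment check of the kind "proper path validation" implies. The project root, function names and sample paths are constructed for the example.

```typescript
import * as path from "node:path";

// Constructed project root for the demonstration; the check is purely
// lexical, so the directory does not need to exist.
export const PROJECT_ROOT = "/srv/example-project";

// Vulnerable shape, as the advisory describes: the caller's path is used as
// given, so an absolute path or a leading "../" lands outside the project.
export function unsafeResolve(projectRoot: string, userPath: string): string {
  return path.resolve(projectRoot, userPath);
}

// Hardened shape: reject absolute inputs, anchor the path under projectRoot,
// then confirm the normalised result is still inside the root.
export function safeResolve(projectRoot: string, userPath: string): string {
  if (path.isAbsolute(userPath)) {
    throw new Error(`absolute paths are not allowed: ${userPath}`);
  }
  const root = path.resolve(projectRoot);
  const target = path.resolve(root, userPath); // collapses "." and ".." segments
  const rel = path.relative(root, target);
  // rel is "" for the root itself, ".." or "../x" once it has escaped, and an
  // absolute path on Windows when the drive letter differs.
  const escaped =
    rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escaped) {
    throw new Error(`path escapes project root: ${userPath}`);
  }
  // A symlink inside the root can still point outside it; a server that writes
  // real files should additionally compare fs.realpath() results.
  return target;
}

export function isAllowedPath(projectRoot: string, userPath: string): boolean {
  try {
    safeResolve(projectRoot, userPath);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs of the kinds the advisory mentions.
const samples = ["src/index.ts", "./docs/../README.md", "../outside.txt", "/etc/hosts"];
for (const p of samples) {
  console.log(`${p.padEnd(22)} unsafe -> ${unsafeResolve(PROJECT_ROOT, p)}  allowed: ${isAllowedPath(PROJECT_ROOT, p)}`);
}
```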
