Eiceblue Spire.Doc MCP Server Path Traversal Vulnerability in Conversion Tool

Vulnerability

A path traversal vulnerability has been identified in Eiceblue Spire.Doc MCP Server version 1.0.0. The issue is in the 'get_doc_path' function in 'src/spire_doc_mcp/api/base.py', which the 'convert_document' tool uses to resolve its caller-supplied 'output_path' parameter. The parameter is joined onto the configured 'WORD_FILES_PATH' directory without normalising '..' segments or verifying that the result still lies inside that directory, so a caller can direct the converter's output file to an arbitrary writable location on the host. The vulnerability can be exploited remotely by any client able to call the MCP tool, and the details of the exploit are publicly available.

Impact

Exploitation of this vulnerability allows arbitrary file writes outside the intended document directory, performed with the privileges of the server process. An attacker can overwrite existing files at any path the process may write to, or fill writable locations with converted output, either of which could disrupt the host or the surrounding application. Note that the written bytes are the converter's output for an uploaded document rather than raw attacker-chosen content, so control over file contents is indirect; control over the destination path, however, is complete.

Reproduction

To reproduce this vulnerability, first ensure that the Spire.Doc MCP Server is running with the default 'WORD_FILES_PATH' set to './word_files'. Upload a Word document, such as 'report.docx', into the 'WORD_FILES_PATH' directory. Then send a request to the 'convert_document' tool, specifying 'report.docx' as the document name, 'html' as the target format, and an output path that traverses out of the 'WORD_FILES_PATH' directory, such as '../../../../tmp/spire_doc_escape.html'. If the server is vulnerable, it writes the converted HTML to '/tmp/spire_doc_escape.html', outside the allowed document path; check for that file on the host to confirm. Because the default 'WORD_FILES_PATH' is relative, the number of '../' segments needed to reach the filesystem root depends on the working directory of the server process; a payload with more segments than necessary still resolves to the root, so over-counting is harmless.

Remediation

To address this vulnerability, the 'output_path' parameter must be canonicalised and checked before use: resolve '..' segments (and symbolic links) against 'WORD_FILES_PATH', reject absolute paths, and verify containment with a component-wise comparison of the resolved directory rather than a plain string-prefix test, which would accept a sibling directory whose name merely begins with 'word_files'. Requests that fail the check should be refused rather than silently rewritten. Until a patch is available, the MCP server should be reachable only by trusted callers and should run as a low-privilege user with write access limited to 'WORD_FILES_PATH'.
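The following added example models the flaw from the reproduction steps and the containment check from the remediation side by side. It is not the project's code: 'get_doc_path_vulnerable' is a hypothetical reconstruction of the behaviour the advisory attributes to 'get_doc_path' (the output path is joined onto 'WORD_FILES_PATH' and returned), 'get_doc_path_hardened' is one possible fix, and the absolute base directory '/srv/spire_doc/word_files' is constructed here so the results do not depend on the current working directory.

```python
"""Added example (not the project's code): a hypothetical model of the
output_path handling described in the advisory, beside a hardened version.
"""
import os

# Stand-in for the server's WORD_FILES_PATH setting. The real default is the
# relative './word_files'; an absolute path is used here (constructed for the
# example) so the resolved results do not depend on the working directory.
WORD_FILES_PATH = "/srv/spire_doc/word_files"


class PathTraversalError(ValueError):
    """Raised when output_path would leave WORD_FILES_PATH."""


def get_doc_path_vulnerable(output_path: str, base: str = WORD_FILES_PATH) -> str:
    """Hypothetical reconstruction of the flawed logic: join and return.

    '..' segments and absolute paths pass straight through, so the result may
    point anywhere the server process can write.
    """
    return os.path.normpath(os.path.join(base, output_path))


def get_doc_path_hardened(output_path: str, base: str = WORD_FILES_PATH) -> str:
    """Resolve output_path against base and refuse anything outside it.

    - Normalise the joined path so '..' segments are collapsed before comparing.
    - Compare with os.path.commonpath, not a string-prefix test, so a sibling
      such as '/srv/spire_doc/word_files_evil' is not mistaken for the base.
    - Absolute output paths are rejected too: os.path.join discards base when
      its right-hand operand is absolute.
    - The result must be strictly inside base; base itself is not a valid file.
    A deployed fix should also apply os.path.realpath to both sides so that a
    symlink inside the directory cannot redirect the write elsewhere.
    """
    base = os.path.abspath(base)
    candidate = os.path.normpath(os.path.join(base, output_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"output_path escapes WORD_FILES_PATH: {output_path!r}")
    return candidate


def escapes_base(output_path: str, base: str = WORD_FILES_PATH) -> bool:
    """True if the flawed resolver would write outside base for this input."""
    base = os.path.abspath(base)
    resolved = get_doc_path_vulnerable(output_path, base)
    return os.path.commonpath([base, resolved]) != base


def hardened_rejects(output_path: str, base: str = WORD_FILES_PATH) -> bool:
    """True if the hardened resolver refuses this input."""
    try:
        get_doc_path_hardened(output_path, base)
    except PathTraversalError:
        return True
    return False


if __name__ == "__main__":
    # The payload from the reproduction steps, plus an absolute path and a
    # sibling-directory payload that a naive prefix check would let through.
    payloads = (
        "report.html",
        "../../../../tmp/spire_doc_escape.html",
        "/tmp/spire_doc_escape.html",
        "../word_files_evil/report.html",
    )
    for payload in payloads:
        print(f"{payload!r:45} -> {get_doc_path_vulnerable(payload)}"
              f"  escapes={escapes_base(payload)}  hardened_rejects={hardened_rejects(payload)}")
```

Run it directly to see each payload's resolved path under the flawed logic next to the hardened verdict; only 'report.html' survives the hardened check. The 'commonpath' comparison is the important design choice: a 'startswith' test against the base string is the classic wrong fix for this bug class.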

Added: Apr 28, 2026, 10:23 PM
Updated: Apr 28, 2026, 10:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.