Ezequiroga MCP-Bases Path Traversal Vulnerability in Research Server

Vulnerability

A path traversal vulnerability has been identified in Ezequiroga MCP-Bases, specifically in the 'search_papers' function of 'research_server.py'. This vulnerability allows for remote exploitation by manipulating the 'topic' argument, leading to unauthorized file access and modification. The issue arises because the application fails to properly sanitize the 'topic' input before using it to create directories and files, enabling attackers to traverse the file system and write to arbitrary locations.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to create directories and write files outside the intended application directory. This could be used to overwrite existing files or inject malicious data that the application might process.

Reproduction

To reproduce this vulnerability, start the MCP-Bases application and invoke the 'search_papers' tool with a 'topic' value that includes traversal markers, such as '../'. The server will create a directory outside the intended 'papers/' directory and write a 'papers_info.json' file in that location. This escaped directory can then be accessed through the 'papers://' resource path, demonstrating the successful exploitation of the path traversal vulnerability.

Remediation

To address this vulnerability, the application should reject 'topic' values that contain path traversal tokens or absolute-path syntax. Implementing proper path canonicalization before creating directories or opening files can prevent exploitation. Additionally, consider using a server-generated identifier for storage directories instead of raw topic strings.
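The following is an added example of the remediation described above, not code from the MCP-Bases project. It assumes a fixed 'papers/' root and the 'papers/<dir>/papers_info.json' layout named in the advisory; the function names (validate_topic, storage_dir_for, is_inside_root, save_papers_info) are hypothetical. It combines all three controls: an allow-list that rejects traversal tokens and absolute-path syntax, a server-generated directory name derived from the topic so the caller never supplies a path component, and a canonicalisation check that the resolved target still lies under the root.

```python
# Added example (not MCP-Bases code): safely mapping a user-supplied 'topic'
# to a storage directory under a fixed 'papers/' root.  Function names and
# the papers/<dir>/papers_info.json layout are assumptions based on the
# advisory, not the project's real API.
import hashlib
import json
import re
from pathlib import Path

PAPERS_ROOT = Path("papers").resolve()

# Allow-list: must start with a letter or digit, then letters, digits,
# spaces, hyphens or underscores, at most 64 characters in total.  '.', '/'
# and '\' are not in the set, so '../', '/etc/x' and 'C:\x' all fail here.
_TOPIC_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 _-]{0,63}$")


class InvalidTopic(ValueError):
    """Raised when a topic value cannot be used safely as a storage key."""


def validate_topic(topic: str) -> str:
    """Return a normalised topic, or raise InvalidTopic.

    Validation happens on the raw string before anything touches the file
    system, so traversal tokens never reach mkdir() or open().
    """
    if not isinstance(topic, str):
        raise InvalidTopic("topic must be a string")
    cleaned = topic.strip()
    if not _TOPIC_RE.fullmatch(cleaned):
        raise InvalidTopic(f"unsafe topic value: {topic!r}")
    return cleaned.lower()


def storage_dir_for(topic: str) -> Path:
    """Map a validated topic to a server-generated directory under the root.

    The directory name is a truncated SHA-256 of the normalised topic, so the
    client controls no path component at all (the advisory's third control).
    """
    key = validate_topic(topic)
    name = hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]
    target = (PAPERS_ROOT / name).resolve()
    # Defence in depth: even with a generated name, confirm the canonical
    # target is still inside PAPERS_ROOT before handing it back.
    if PAPERS_ROOT not in target.parents:
        raise InvalidTopic("resolved path escapes the papers root")
    return target


def is_inside_root(candidate: str, root: Path = PAPERS_ROOT) -> bool:
    """Canonicalise a candidate path and report whether it stays under root.

    This is the containment check on its own, usable wherever a path is
    assembled from request data.  Joining an absolute candidate onto root
    yields the absolute path itself, so '/etc/passwd' is rejected, and
    resolve() collapses '..' and follows symlinks before the comparison.
    """
    resolved = (root / candidate).resolve()
    return resolved == root or root in resolved.parents


def save_papers_info(topic: str, info: dict) -> Path:
    """Write papers_info.json for a topic into its server-generated directory."""
    directory = storage_dir_for(topic)
    directory.mkdir(parents=True, exist_ok=True)
    path = directory / "papers_info.json"
    path.write_text(json.dumps(info, indent=2), encoding="utf-8")
    return path


if __name__ == "__main__":
    # Constructed inputs: one legitimate topic and three hostile ones.
    print(storage_dir_for("Machine Learning"))
    for bad in ("../../etc", "/tmp/escape", "C:\\Windows"):
        try:
            storage_dir_for(bad)
        except InvalidTopic as exc:
            print("rejected:", exc)
```

The allow-list alone is enough to stop the traversal described in the advisory; the hash-based directory name and the containment check in is_inside_root are there so that a later change to naming, or a path assembled elsewhere in the server, cannot quietly reintroduce the problem. If topics must remain human-readable on disk, keep validate_topic and is_inside_root and drop only the hashing.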

Added: Apr 29, 2026, 3:31 PM
Updated: Apr 29, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm
  spread          0.0
  impact          0.6
  exploitability  8.7
  remediation     0.0
  relevance       7.0
  threat          6.4
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.