c-rick jimeng-mcp api.ts generateVideo path traversal

Vulnerability

A path traversal vulnerability exists in c-rick/jimeng-mcp version 1.10.0, specifically in the getFileContent, uploadCoverFile, generateImage, and generateVideo functions within src/api.ts [1][2]. The filePath parameter is accepted from user input and processed without proper validation. When the input does not contain http:// or https://, the code uses path.resolve(filePath) and fs.promises.readFile(absolutePath) to read a local file, allowing traversal outside the intended directory. When the input contains a URL scheme, the code performs an axios.get(filePath, { responseType: 'arraybuffer' }) request, enabling server-side request forgery (SSRF) [2].

Exploitation

An attacker with network access to the MCP server can exploit this vulnerability by sending a crafted filePath value. For local file read, a path such as ../../etc/passwd can be supplied. For SSRF, a URL like http://internal-service/ can be used. No authentication is required if the server is exposed, and the exploit has been publicly disclosed [2].

Impact

Successful exploitation allows an attacker to read arbitrary files from the server's filesystem, potentially exposing sensitive data such as configuration files, credentials, or source code. Additionally, the SSRF vector permits requests to internal network resources, which could lead to further compromise of internal services or information disclosure [2].

Mitigation

As of the publication date, the project maintainer has not responded to the issue report, and no patched version has been released [2]. Users should restrict network access to the MCP server to trusted hosts only, implement input validation to reject path traversal patterns and URL schemes if not required, or consider using a web application firewall to filter malicious filePath values. No official fix is available.