Lack of data validation - Path Traversal In mcp-ssh-tool

Description

mcp-ssh-tool: file transfer path policy bypass and bearer token comparison hardening

Summary

mcp-ssh-tool has released version 2.1.1 with security hardening for transfer path authorization and HTTP bearer authentication.

The release addresses:

    insufficient local path policy enforcement in transfer-related filesystem handling

    incomplete canonicalization and segment-boundary handling for deny-prefix path policy checks

    non-constant-time HTTP bearer token comparison

Impact

Affected versions may allow policy bypass in transfer path handling under specific configurations, and may expose a timing side channel in bearer-token comparison for HTTP deployments.

Patched Version

Upgrade to mcp-ssh-tool >= 2.1.1.

npm install -g mcp-ssh-tool@latest

Workarounds

For deployments that cannot immediately upgrade:

    avoid exposing HTTP transport beyond loopback

    use strict filesystem policy configuration

    avoid granting MCP clients access to sensitive local transfer paths

    monitor audit logs for unexpected transfer operations

Credits

Reported by dodge1218.
