Augments Mcp Server
Monthly
Path traversal in augmnt augments-mcp-server 7.1.0 allows a local low-privileged attacker to read arbitrary files outside the intended project directory by manipulating the packageJsonPath argument passed to the scanProjectDeps function. The vulnerability is limited to confidentiality impact (VC:L) with no integrity or availability effect, and a proof-of-concept has been publicly disclosed via a GitHub issue. The vendor has not responded to the responsible disclosure report, meaning no patch is currently available.
Path traversal in augmnt augments-mcp-server 7.1.0 allows a local low-privileged attacker to read arbitrary files outside the intended project directory by manipulating the packageJsonPath argument passed to the scanProjectDeps function. The vulnerability is limited to confidentiality impact (VC:L) with no integrity or availability effect, and a proof-of-concept has been publicly disclosed via a GitHub issue. The vendor has not responded to the responsible disclosure report, meaning no patch is currently available.