Skip to content

Path Traversal Arbitrary File Read/Write Vulnerability in IncomeStreamSurfer/roo-code-memory-bank-mcp-server #7

Description

@gongyanyugyy

Path Traversal Arbitrary File Read/Write in IncomeStreamSurfer/roo-code-memory-bank-mcp-server

Summary

I found a path traversal issue in IncomeStreamSurfer/roo-code-memory-bank-mcp-server.

The MCP tools read_memory_bank_file and append_memory_bank_entry accept a caller-controlled file_name. In src/index.ts, that value is used directly in:

path.join(MEMORY_BANK_PATH, fileName)

without checking that the resolved path stays inside the memory-bank directory.

The resulting path is then used for:

  • fs.readFile(...)
  • fs.writeFile(...)
  • fs.appendFile(...)

which allows a malicious MCP client to read or modify attacker-chosen files outside the intended storage directory.

Affected Version

  • roo-mcp-server 0.1.0

Relevant Code Paths

  • src/index.ts
    • readMemoryBankFile(input)
    • appendMemoryBankEntry(input)
    • MCP tool handlers for:
      • read_memory_bank_file
      • append_memory_bank_entry

Impact

A malicious MCP client can use traversal segments in file_name to escape the memory-bank directory and perform arbitrary file disclosure and file modification against paths reachable by the server process.

Recommended Fix

  • Reject traversal sequences, absolute paths, and path separators in file_name
  • Resolve the path and verify it remains under MEMORY_BANK_PATH before reading or writing
  • Consider enforcing an allowlist of expected memory-bank filenames

I have a local reproduction and will add it in a follow-up comment with output and screenshot.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions