The file_path parameter is not sanitized before being passed to open(), allowing potential read access to arbitrary files.
Location: [src/mitmproxy_mcp/core/server.py:324]
This is an easy fix: validate file_path to ensure it does not contain path traversal sequences, and possibly restrict it to a specific directory.
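One way to implement the suggested validation, shown as an added example rather than the project's own code (the code at server.py:324 is not reproduced on this page). The names `resolve_in_base`, `read_allowed_file`, `UnsafePathError` and the `allowed` directory are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

class UnsafePathError(ValueError):
    """The requested path resolves outside the allowed directory."""

def resolve_in_base(base_dir, file_path):
    """Return the real path of file_path, or raise if it escapes base_dir."""
    if "\x00" in file_path:
        raise UnsafePathError("NUL byte in path")
    base = Path(base_dir).resolve(strict=True)
    # An absolute file_path replaces base in the join; resolve() collapses
    # ".." and follows symlinks, so the check sees the real target.
    candidate = (base / file_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafePathError(f"{file_path!r} is outside {base}") from None
    return candidate

def read_allowed_file(base_dir, file_path):
    """Read a file only after its resolved path is confirmed inside base_dir."""
    with open(resolve_in_base(base_dir, file_path), encoding="utf-8") as fh:
        return fh.read()

def demo():
    """Run the check over a constructed directory tree and return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "allowed")  # hypothetical allowed directory
        base.mkdir()
        (base / "flows.txt").write_text("inside", encoding="utf-8")
        secret = Path(root, "secret.txt")  # constructed file outside base
        secret.write_text("outside", encoding="utf-8")
        os.symlink(secret, base / "link.txt")  # symlink leaving base
        cases = {
            "plain": "flows.txt",
            "dotdot_inside": "sub/../flows.txt",
            "traversal": "../secret.txt",
            "absolute": str(secret),
            "symlink": "link.txt",
        }
        for label, name in cases.items():
            try:
                results[label] = read_allowed_file(base, name)
            except UnsafePathError:
                results[label] = "REJECTED"
    return results
```

Resolving the path and checking containment, rather than searching the string for `../`, is what lets the same check also reject absolute paths and symlinks that leave the directory.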