Vulnerability	Vulnerable Version
H External Control of File Name or Path apm-cli is a MCP configuration tool Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the `plugin.json` file during the installation process. An attacker can cause arbitrary files or directories from the host system to be copied into the managed install output by specifying absolute or traversal paths in the manifest fields, potentially leading to exposure or integration of sensitive host content into the project. How to fix External Control of File Name or Path? Upgrade `apm-cli` to version 0.8.12 or higher.	[,0.8.12)

External Control of File Name or Path

apm-cli is a MCP configuration tool

Affected versions of this package are vulnerable to External Control of File Name or Path through improper validation of manifest-controlled paths in the plugin.json file during the installation process. An attacker can cause arbitrary files or directories from the host system to be copied into the managed install output by specifying absolute or traversal paths in the manifest fields, potentially leading to exposure or integration of sensitive host content into the project.

How to fix External Control of File Name or Path?

Upgrade apm-cli to version 0.8.12 or higher.

[,0.8.12)

Go back to all versions of this package