v2.3.1 - Security Patch

@rosschurchill rosschurchill released this 23 Jan 21:05

Security Fix

This release patches a path traversal vulnerability in the credential vault.

Fixed

  • Credential ID validation - Added validateCredentialId() method to prevent path traversal attacks in get(), delete(), and update() methods
    • Blocks path traversal characters (.., /, \)
    • Enforces expected credential ID format: cred_<timestamp>_<random>
    • Throws CredentialSecurityError on invalid input
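
A sketch of the kind of check described above, as an added example and not the package's own code. The character classes for `<timestamp>` and `<random>`, the error messages, the `checkIds` helper and the sample inputs are assumptions made for illustration.

```javascript
// Added illustration; not the source of @pansec/chrome-mcp-secure.
class CredentialSecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = 'CredentialSecurityError';
  }
}

// Assumption: <timestamp> is decimal digits and <random> is lowercase
// alphanumerics. The release notes give only the overall shape.
const CREDENTIAL_ID_PATTERN = /^cred_\d+_[a-z0-9]+$/;

function validateCredentialId(id) {
  if (typeof id !== 'string') {
    throw new CredentialSecurityError('credential ID must be a string');
  }
  // Denylist: the characters named in the release notes.
  if (id.includes('..') || id.includes('/') || id.includes('\\')) {
    throw new CredentialSecurityError('path traversal characters in credential ID');
  }
  // Allowlist: the whole string must be cred_<timestamp>_<random>.
  if (!CREDENTIAL_ID_PATTERN.test(id)) {
    throw new CredentialSecurityError('unexpected credential ID format');
  }
  return id;
}

// Hypothetical helper: runs the validator over inputs and records each outcome.
function checkIds(ids) {
  return ids.map((id) => {
    try {
      validateCredentialId(id);
      return 'accepted';
    } catch (err) {
      if (err instanceof CredentialSecurityError) return err.message;
      throw err;
    }
  });
}

// Constructed sample inputs (not taken from the project or any real vault).
const SAMPLE_IDS = [
  'cred_1706043900000_a1b2c3', // well-formed
  '../outside.json',           // caught by the denylist
  'cred_1_a\\b',               // backslash separator
  'cred_1_abc\n',              // trailing newline fails the anchored pattern
  '%2e%2e%2fsecrets',          // no raw traversal characters; the allowlist rejects it
  null,                        // non-string
];
console.log(checkIds(SAMPLE_IDS));
```

The encoded input passes the character denylist and is rejected only by the format check, which is why enforcing the expected ID shape matters alongside blocking `..`, `/` and `\`.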

Upgrade

npm update @pansec/chrome-mcp-secure

Full Changelog: v2.3.0...v2.3.1