Skip to content

yjcho9317/nworks

v1.2.2 Security

This release includes 10 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Servers
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 10 known CVEs

Topics

agent-tools ai-agent automation claude cli cursor
+9 more
korean line-works mcp model-context-protocol naver-works naverworks npm typescript workspace

Affected surfaces

auth rce_ssrf

Summary

AI summary

Security hardening across MCP server and auth layers with input validation, OAuth state improvements, token revocation on logout, SSRF protection, response masking, and hidden error stacks.

Full changelog

Security Hardening

This release strengthens security across MCP server and auth layers. No
breaking changes — all protections work transparently.

🛡️ Input Validation

  • Path traversal prevention: API path segments validated and encoded
    (sanitizePathSegment)
  • MCP file traversal protection: Local file upload/download paths
    validated against directory escape (validateLocalPath)
  • Filename sanitization: CRLF injection and path components stripped from
    filenames (sanitizeFileName)

🔒 Auth Hardening

  • OAuth state: Replaced Math.random() with crypto.randomBytes(32) for
    CSRF protection
  • OAuth state verification: Callback server validates state parameter
    matches
  • Private key file permissions: Warning when key file permissions are too
    open (recommended: 600)
  • Token revocation: nworks logout now revokes tokens server-side before
    clearing local credentials

🔐 SSRF & Info Disclosure

  • SSRF protection: Redirect URLs validated against allowed host whitelist
    (HTTPS only)
  • MCP response masking: clientId, serviceAccount, privateKeyPath
    masked in MCP tool responses (nworks_whoami, nworks_doctor,
    nworks_setup)
  • Error stack hiding: Stack traces no longer exposed in MCP error
    responses

📦 Scope

  • 20 files changed, 437 additions, 90 deletions
  • 21 new tests for sanitize utilities
  • All existing tests pass (31/31)

Security Fixes

  • Path traversal prevention via `sanitizePathSegment`
  • MCP file path validation against directory escape using `validateLocalPath`
  • Filename sanitization removing CRLF and path components with `sanitizeFileName`
  • OAuth state generation now uses cryptographically secure random bytes (`crypto.randomBytes(32)`)
  • Callback server validates OAuth state parameter to prevent CSRF
  • Warning emitted when private key file permissions are too open (recommended 600)
  • nworks logout revokes tokens server‑side before clearing local credentials
  • Redirect URLs validated against an HTTPS‑only allowed host whitelist for SSRF protection
  • MCP tool responses (`nworks_whoami`, `nworks_doctor`, `nworks_setup`) mask `clientId`, `serviceAccount`, and `privateKeyPath`
  • Stack traces no longer exposed in MCP error responses
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track yjcho9317/nworks

Get notified when new releases ship.

Sign up free

About yjcho9317/nworks

NAVER WORKS CLI + MCP server. 26 tools for messages, calendar, drive, mail, tasks, and boards. AI agents can manage NAVER WORKS directly.

All releases →

Beta — feedback welcome: [email protected]