| عنوان | JoeCastrom mcp-chat-studio 1.5.0 Server-Side Request Forgery |
|---|
| الوصف | The mcp-chat-studio application contains a server-side request forgery (SSRF) vulnerability because attacker-controlled input can reach outbound HTTP request functions without proper destination validation. Specifically, the /api/llm/models endpoint directly uses the req.query.base_url parameter in a fetch() call to {baseUrl}/api/tags (in server/routes/llm.js), and the workflow execution endpoint accepts a llmConfig object from the request body that later controls the auth_url or endpoint parameters passed to axios.post() calls in LLMClient.js (via server/routes/workflows.js). As a result, an unauthenticated attacker can coerce the server into issuing arbitrary HTTP requests to loopback addresses, RFC1918 private IP ranges, link‑local addresses, or cloud metadata services, enabling SSRF attacks that may expose sensitive internal resources. |
|---|
| المصدر | ⚠️ https://github.com/JoeCastrom/mcp-chat-studio/issues/4 |
|---|
| المستخدم | MidA (UID 96794) |
|---|
| ارسال | 10/04/2026 10:04 AM (2 أشهر منذ) |
|---|
| الاعتدال | 26/04/2026 09:59 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359746 [JoeCastrom mcp-chat-studio حتى 1.5.0 LLM Models API server/routes/llm.js req.query.base_url تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|