Submit #780752: priyankark a11y-mcp 1.0.4 Server-Side Request Forgery

Title: priyankark a11y-mcp 1.0.4 Server-Side Request Forgery
Description: priyankark a11y-mcp contains a server-side request forgery (SSRF) vulnerability in src/index.js. The affected MCP request handlers pass an attacker-controlled URL to Puppeteer navigation logic without enforcing a strict destination allowlist or equivalent network restrictions. An attacker who can invoke the vulnerable handlers can cause the server to initiate requests to arbitrary internal or external resources, including loopback, private-address, link-local, or cloud metadata endpoints, subject to network reachability.
Source: https://github.com/wing3e/public_exp/issues/17
User: BigW (UID 96422)
Submission: 2026-03-16 11:47 (21 days ago)
Moderation: 2026-04-01 15:12 (16 days later)
Status: Accepted
VulDB entry: 354655 [priyankark a11y-mcp up to 1.0.5 src/index.js A11yServer privilege escalation]
Points: 20
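
One way to enforce the destination restriction the description says is missing, shown as an added example that is not code from a11y-mcp or the linked report: a check applied to the URL string before it reaches Puppeteer navigation. `checkDestination`, `ALLOWED_HOSTS` and the allowlisted hostnames are hypothetical, and the check also rejects non-HTTP schemes, embedded credentials and IPv6 literals, which goes slightly beyond what the description lists.

```javascript
// Added example; checkDestination and ALLOWED_HOSTS are hypothetical names.
const ALLOWED_HOSTS = new Set(["example.com", "www.example.com"]); // constructed allowlist

// "This network", private, CGNAT, loopback and link-local ranges
// (169.254.0.0/16 contains the 169.254.169.254 cloud metadata address).
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

const v4ToInt = (ip) => ip.split(".").reduce((n, octet) => n * 256 + Number(octet), 0);

function isBlockedV4(ip) {
  const addr = v4ToInt(ip);
  return BLOCKED_V4.some(([net, bits]) => {
    const base = v4ToInt(net);
    return addr >= base && addr < base + 2 ** (32 - bits);
  });
}

function checkDestination(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme not allowed" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "embedded credentials" };
  }
  // The WHATWG parser canonicalises forms such as 2130706433, 0x7f.1 and 127.1
  // to a dotted quad, so the range check sees the real target address.
  const host = url.hostname.replace(/\.$/, "").toLowerCase();
  if (host.startsWith("[")) {
    return { ok: false, reason: "IPv6 literal" }; // conservative: reject all IPv6 literals
  }
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) && isBlockedV4(host)) {
    return { ok: false, reason: "internal address" }; // distinct reason, useful in logs
  }
  if (!allowedHosts.has(host)) {
    return { ok: false, reason: "host not on allowlist" };
  }
  return { ok: true, reason: "allowed" };
}
```

This validates only the initial URL string. Redirects, subresource requests and the addresses an allowlisted name resolves to still need network-level restrictions on the host running the browser.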
