| शीर्षक | ShadowCloneLabs GlutamateMCPServers Commit e2de73280b01e5d943593dd1aa2c01c5b9112f78 Server-Side Request Forgery |
|---|
| विवरण | A server-side request forgery (SSRF) vulnerability (CWE-918) has been identified in the puppeteer component of GlutamateMCPServers, specifically within src/puppeteer/index.ts. The puppeteer_navigate MCP tool accepts a user-supplied url argument and passes it directly to page.goto without validation or allowlisting. An attacker with network access to the MCP/HTTP interface can exploit this to make the headless browser navigate to arbitrary destinations, potentially accessing internal services, cloud metadata endpoints, or other restricted resources. This can lead to unauthorized information disclosure and, depending on the environment, further compromise. The latest commit (e2de732) is confirmed affected, with no fixed version available at the time of reporting.
|
|---|
| स्रोत | ⚠️ https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8 |
|---|
| उपयोगकर्ता | BruceJin (UID 96538) |
|---|
| सबमिशन | 09/04/2026 05:34 AM (2 महीनों पहले) |
|---|
| संयम | 26/04/2026 10:52 AM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359669 [ShadowCloneLabs GlutamateMCPServers तक e2de73280b01e5d943593dd1aa2c01c5b9112f78 puppeteer_navigate src/puppeteer/index.ts url अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|