| शीर्षक | JoeCastrom mcp-chat-studio 1.5.0 Server-Side Request Forgery |
|---|
| विवरण | The mcp-chat-studio application contains a server-side request forgery (SSRF) vulnerability because attacker-controlled input can reach outbound HTTP request functions without proper destination validation. Specifically, the /api/llm/models endpoint directly uses the req.query.base_url parameter in a fetch() call to {baseUrl}/api/tags (in server/routes/llm.js), and the workflow execution endpoint accepts a llmConfig object from the request body that later controls the auth_url or endpoint parameters passed to axios.post() calls in LLMClient.js (via server/routes/workflows.js). As a result, an unauthenticated attacker can coerce the server into issuing arbitrary HTTP requests to loopback addresses, RFC1918 private IP ranges, link‑local addresses, or cloud metadata services, enabling SSRF attacks that may expose sensitive internal resources. |
|---|
| स्रोत | ⚠️ https://github.com/JoeCastrom/mcp-chat-studio/issues/4 |
|---|
| उपयोगकर्ता | MidA (UID 96794) |
|---|
| सबमिशन | 10/04/2026 10:04 AM (2 महीनों पहले) |
|---|
| संयम | 26/04/2026 09:59 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359746 [JoeCastrom mcp-chat-studio तक 1.5.0 LLM Models API server/routes/llm.js req.query.base_url अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|