| 제목 | priyankark a11y-mcp 1.0.4 Server-Side Request Forgery |
|---|
| 설명 | priyankark a11y-mcp contains a server-side request forgery (SSRF) vulnerability in src/index.js. The affected MCP request handlers pass an attacker-controlled URL to Puppeteer navigation logic without enforcing a strict destination allowlist or equivalent network restrictions. An attacker who can invoke the vulnerable handlers can cause the server to initiate requests to arbitrary internal or external resources, including loopback, private-address, link-local, or cloud metadata endpoints, subject to network reachability.
|
|---|
| 원천 | ⚠️ https://github.com/wing3e/public_exp/issues/17 |
|---|
| 사용자 | BigW (UID 96422) |
|---|
| 제출 | 2026. 03. 16. AM 11:47 (21 날 ago) |
|---|
| 모더레이션 | 2026. 04. 01. PM 03:12 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354655 [priyankark a11y-mcp 까지 1.0.5 src/index.js A11yServer 권한 상승] |
|---|
| 포인트들 | 20 |
|---|