| 제목 | horizon921 mcpilot 0.1.0 Server-Side Request Forgery |
|---|
| 설명 | A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in mcpilot 0.1.0. The issue exists in the Next.js API route /api/mcp/call within client/src/app/api/mcp/call/route.ts. The backend accepts a user-provided serverBaseUrl and performs multiple outbound fetch requests (GET and POST) to this URL to detect and call MCP tools. Since there are no restrictions on the scheme, hostname, or IP address, a remote attacker can manipulate the serverBaseUrl to force the server to interact with sensitive internal services, local loopback interfaces (localhost), or cloud metadata endpoints. This can lead to unauthorized access to internal resources and the potential modification of internal service states via POST requests. |
|---|
| 원천 | ⚠️ https://github.com/horizon921/mcpilot/issues/1 |
|---|
| 사용자 | ccccccctfi (UID 97498) |
|---|
| 제출 | 2026. 05. 11. AM 10:51 (30 날 ago) |
|---|
| 모더레이션 | 2026. 05. 31. PM 06:16 (20 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367573 [horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl 권한 상승] |
|---|
| 포인트들 | 20 |
|---|