| tiêu đề | JoeCastrom mcp-chat-studio 1.5.0 Server-Side Request Forgery |
|---|
| Mô tả | The mcp-chat-studio application contains a server-side request forgery (SSRF) vulnerability because attacker-controlled input can reach outbound HTTP request functions without proper destination validation. Specifically, the /api/llm/models endpoint directly uses the req.query.base_url parameter in a fetch() call to {baseUrl}/api/tags (in server/routes/llm.js), and the workflow execution endpoint accepts a llmConfig object from the request body that later controls the auth_url or endpoint parameters passed to axios.post() calls in LLMClient.js (via server/routes/workflows.js). As a result, an unauthenticated attacker can coerce the server into issuing arbitrary HTTP requests to loopback addresses, RFC1918 private IP ranges, link‑local addresses, or cloud metadata services, enabling SSRF attacks that may expose sensitive internal resources. |
|---|
| Nguồn | ⚠️ https://github.com/JoeCastrom/mcp-chat-studio/issues/4 |
|---|
| Người dùng | MidA (UID 96794) |
|---|
| Đệ trình | 10/04/2026 10:04 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 26/04/2026 21:59 (16 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 359746 [JoeCastrom mcp-chat-studio đến 1.5.0 LLM Models API server/routes/llm.js req.query.base_url nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|