| 标题 | Algovate xhs-mcp 0.8.11 Server-Side Request Forgery |
|---|
| 描述 | A server-side request forgery (SSRF) vulnerability (CWE-918) and a path traversal vulnerability (CWE-22) have been identified in xhs-mcp version 0.8.11, specifically within the xhs_publish_content MCP tool. The SSRF issue arises when a user-supplied media_paths value begins with http:// or https://, causing the server to fetch the URL via fetch() without allowlisting or destination validation, enabling requests to internal or loopback services. The path traversal issue allows an attacker to supply a local video path containing ../ sequences that escape the project directory, leading to unintended filesystem access. An attacker with access to the MCP interface can exploit these flaws to interact with internal network endpoints and access local files outside the intended workspace. No fixed version is available at the time of reporting. |
|---|
| 来源 | ⚠️ https://github.com/Algovate/xhs-mcp/issues/6 |
|---|
| 用户 | _Eternity_ (UID 97332) |
|---|
| 提交 | 2026-04-14 03時14分 (2 月前) |
|---|
| 管理 | 2026-04-29 16時11分 (16 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 360154 [Algovate xhs-mcp 0.8.11 MCP Interface src/server/mcp.server.ts xhs_publish_content media_paths 权限提升] |
|---|
| 积分 | 20 |
|---|