-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability exists in the _fetch method of the Fetcher class in src/Fetcher.ts. The application attempts to prevent Server-Side Request Forgery (SSRF) by checking if the provided URL resolves to a private IP address using the is_ip_private library. However, this check is performed only on the initial URL provided by the user. The underlying fetch call will follow HTTP redirects by default. An attacker can provide a URL that initially points to a safe, public IP address, which will pass the is_ip_private check. This safe URL can then issue a redirect (e.g., via a 301 or 302 status code) to a private, internal IP address. The fetch function will follow this redirect, sending a request to the internal resource. This bypasses the intended security control and allows an attacker to access internal network resources. The public methods html, json, txt, and markdown all use the vulnerable _fetch method and are the entry points for an attacker to exploit this vulnerability.
Fetcher._fetchsrc/Fetcher.ts
Fetcher.htmlsrc/Fetcher.ts
Fetcher.jsonsrc/Fetcher.ts
Fetcher.txtsrc/Fetcher.ts
Fetcher.markdownsrc/Fetcher.ts
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mcp-fetch-server | npm | <= 1.0.2 |