-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @playwright/mcp | npm | < 0.0.40 | 0.0.40 |
Miggo AIRoot Cause AnalysisThe vulnerability lies in the Playwright MCP server's failure to validate the Host header on incoming connections, making it susceptible to DNS rebinding attacks. The provided commit patch addresses this by introducing a Host header check within the installHttpTransport function located in packages/playwright/src/mcp/sdk/http.ts. The patch adds logic to verify that the Host header of an incoming request matches a configurable list of allowed hosts. If the header does not match, the server rejects the request with a 403 Forbidden status. The vulnerable function is identified as installHttpTransport because it contains the request handler where this crucial validation was missing. An attacker could exploit this by causing a victim's browser to resolve a malicious domain to the localhost address (127.0.0.1), thereby bypassing the same-origin policy and sending commands to the local MCP server.
installHttpTransportpackages/playwright/src/mcp/sdk/http.ts
A Semantic Attack on Google Gemini - Read the Latest Research