Lucene search
+L

4 matches found

snyk
snyk
added 2026/07/01 6:16 p.m.5 views

Server-side Request Forgery (SSRF)

Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...

7.4CVSS6AI score
Exploits0References2
osv
osv
added 2026/05/19 3:47 p.m.10 views

GHSA-HV85-774V-26FG auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

SSRF + disk-exfil in downloadmedia and authfetch tools — ymw0407/auth-fetch-mcp Severity The downloadmedia and authfetch MCP tools accept arbitrary URLs and reach them as the MCP server process, with downloadmedia additionally persisting the fetched response body to a user-controlled output...

8.2CVSS6AI score
Exploits0References3
patchstack
patchstack
added 2026/05/19 3:47 p.m.11 views

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated authfetch and downloadmedia URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...

5.8AI score
Exploits0References3Affected Software1
github
github
added 2026/05/19 3:47 p.m.11 views

auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

SSRF + disk-exfil in downloadmedia and authfetch tools — ymw0407/auth-fetch-mcp Severity The downloadmedia and authfetch MCP tools accept arbitrary URLs and reach them as the MCP server process, with downloadmedia additionally persisting the fetched response body to a user-controlled output...

6AI score
Exploits0References3Affected Software1
Rows per page
Query Builder