14 matches found
DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost
The Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origi...
CVE-2025-66416 DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost
The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to version 1.23.0, tThe Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost...
CVE-2025-66414 DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to 1.24.0, The Model Context Protocol MCP TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without...
GHSA-9H52-P55H-VW2F Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
Description The Model Context Protocol MCP Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured...
EUVD-2022-6347
Malicious code in bioql PyPI...
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the urlblocker.rb which could result in SSRF where the library is utilized...
GHSA-H9CW-7G8J-H66H Server-Side Request Forgery in link-preview-js
The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
Server-Side Request Forgery in link-preview-js
The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
CVE-2022-25876 Server-side Request Forgery (SSRF)
The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...
CVE-2022-25876
CVE-2022-25876 affects the npm package link-preview-js prior to version 2.1.16. The vulnerability is Server-side Request Forgery (SSRF) caused by flawed DNS rebinding protection, allowing an attacker to make arbitrary requests from the vulnerable host to the local network and read responses. Affe...
OPENSUSE-SU-2022:0079-1 Security update for minidlna
This update for minidlna fixes the following issues: minidlna was updated to version 1.3.1 boo1196814 - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. CVE-2022-26505 - Fix an socket leakage issue on...
[slackware-security] bind
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.18-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: DNS rebinding protection was ineffective wh...
CVE-2019-5464
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the urlblocker.rb which could result in SSRF where the library is utilized...