6 matches found
Markdownify MCP Server allows attackers to read arbitrary files
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
GHSA-22V8-P7H2-RJ7P Markdownify MCP Server allows attackers to read arbitrary files
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5273
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5273
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5273
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server...
CVE-2025-5273
CVE-2025-5273 affects all versions of the package mcp-markdownify-server . The vulnerability arises from the get-markdown-file tool, where a crafted prompt accessed by the MCP host can cause the server to read arbitrary files on the host running it. This allows unauthorized disclosure of host fil...