4 matches found
GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools
PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...
DNS Rebinding
Overview Affected versions of this package are vulnerable to DNS Rebinding due to insufficient validation of the Host and Origin headers. An attacker can gain unauthorized access to sensitive data by luring a victim to a malicious website, enabling the attacker to read information from the report...
GHSA-6Q9C-M9FR-865M vet MCP Server SSE Transport DNS Rebinding Vulnerability
SafeDep vet is vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. To exploit this vulnerability following conditions must be met: 1. A vet scan is executed and reports are saved as sqlite3 database 2. A vet MCP server is running on default port with SSE...
Mozilla Firefox 访问控制错误漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...