2 matches found
GHSA-WVJ2-96WP-FQ3F MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. Additionally, Go's standard...
00-merlin-hu-mcpdemo-pipy (>=0.1.0 <=0.1.1), 00-renjing-mcp-server-pypi (=0.1.0) +22632 more potentially affected by CVE-2025-53366 via mcp (>=1.0.0 <=1.9.3)
mcp PYPI version =1.0.0, =0.1.0, =0.1.0, =0.1.2, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.5.3, =0.5.6 and more Source cves: CVE-2025-53366 Source advisory: SNYK:PYTHON-MCP-10734137...