Malicious code in mcp-server-fetch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34dfb6dc382073bace8a4d413b28000ff42770d04b9f69a88906230e2d83260a Package squats the unscoped name mcp-server-fetch an MCP server name commonly invoked via npx mcp-server-fetch by AI coding agents and developer...

Server-side Request Forgery (SSRF)

Overview mcp-fetch-server is an An MCP server offering simple HTTP fetch functionality Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch method, in the isipprivate function. An attacker can access internal network resources by sending crafted...