Spring AI MCP Security: Unvalidated URL Fetching (SSRF)

Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...

Malicious code in puppeteer-req-interceptor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15ace3c3ef68e8cff62f0dfa94786912c5a2f0c8b74608de84e77f01aa897734 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...