meta-ads-mcp: Server-Side Request Forgery (SSRF) in `upload_ad_image` via Unrestricted `image_url` Fetch
Server-Side Request Forgery SSRF in uploadadimage via Unrestricted imageurl Fetch Summary The uploadadimage MCP tool in meta-ads-mcp v1.0.113 passes an attacker-controlled imageurl parameter directly to an HTTP fetch helper httpx.AsyncClientfollowredirects=True.geturl without any scheme, host, or...