Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
hackmd-mcp server-side request forgery in HTTP transport mode
Vulnerability Description
hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability when the server is run in HTTP transport mode. Arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The stdio transport mode is not affected because it only accepts stdio requests. The issue is fixed in version 1.5.0, which enforces allowed endpoints and supports the ALLOWED_HACKMD_API_URLS environment variable. Users should update to 1.5.0 or later or apply documented mitigations such as switching to stdio mode, restricting outbound network access, or filtering the Hackmd-Api-Url header and related query parameter via a reverse proxy.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
HackMD MCP Server 代码问题漏洞
Vulnerability Description
HackMD MCP Server是yuna0x0个人开发者的一个上下文协议服务器。 hackmd-mcp 1.4.0版本至1.5.0之前版本存在代码问题漏洞,该漏洞源于HTTP传输模式下未验证Hackmd-Api-Url标头或base64编码JSON查询参数,可能导致服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A