Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode
Vulnerability Description
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue.
CVSS Information
N/A
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
Docker MCP Gateway 安全漏洞
Vulnerability Description
Docker MCP Gateway是美国Docker公司的一个网关服务。 Docker MCP Gateway 0.27.0及之前版本存在安全漏洞,该漏洞源于在sse或流传输模式下运行时容易受到DNS重绑定攻击,可能导致基于浏览器的MCP服务器利用。
CVSS Information
N/A
Vulnerability Type
N/A