Vulnerability Information
Vulnerability Title
Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
Vulnerability Description
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is neither unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Vulnerability Type
Use of Insufficiently Random Values
Vulnerability Title
oatpp-mcp security feature issue vulnerability
Vulnerability Description
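oatpp-mcp is an open-source implementation of the Model Context Protocol from Oat++. oatpp-mcp contains a security feature issue vulnerability that stems from the MCP SSE endpoint returning an instance pointer as the session ID, which may lead to session hijacking attacks.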
CVSS Information
N/A
Vulnerability Type
N/A
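The weakness in the description above, shown as an added example that is not oatpp-mcp code: an ID derived from an object's address is a pure function of memory layout and can recur when the allocator reuses a freed block, while an ID drawn from the OS CSPRNG is independent of it. `Session`, `pointerSessionId`, `randomSessionId` and `distinctIds` are hypothetical names, and the hardened variant assumes a POSIX system with `/dev/urandom`.

```cpp
// Added illustration, not oatpp-mcp source. All names here are hypothetical.
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <stdexcept>
#include <string>
#include <unordered_set>

struct Session { char state[64]; };  // stand-in for a per-client session object

// Weak pattern: the session ID is the object's heap address rendered as text.
// Addresses carry little entropy, and allocators hand freed blocks out again.
std::string pointerSessionId(const Session* s) {
    return std::to_string(reinterpret_cast<std::uintptr_t>(s));
}

// Hardened pattern: 128 bits from the OS CSPRNG, hex-encoded.
// Assumption: POSIX system exposing /dev/urandom.
std::string randomSessionId() {
    unsigned char raw[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(raw), sizeof raw))
        throw std::runtime_error("cannot read /dev/urandom");
    static const char hex[] = "0123456789abcdef";
    std::string id;
    for (unsigned char b : raw) { id += hex[b >> 4]; id += hex[b & 0x0f]; }
    return id;
}

// Simulate `rounds` connect/disconnect cycles and count the distinct IDs issued.
template <typename MakeId>
std::size_t distinctIds(int rounds, MakeId makeId) {
    std::unordered_set<std::string> seen;
    for (int i = 0; i < rounds; ++i) {
        Session* s = new Session();
        seen.insert(makeId(s));
        delete s;  // the freed block is available for the next allocation
    }
    return seen.size();
}

int main() {
    auto byPtr = [](const Session* s) { return pointerSessionId(s); };
    auto byRng = [](const Session*) { return randomSessionId(); };
    std::printf("distinct IDs in 1000 sessions: pointer=%zu random=%zu\n",
                distinctIds(1000, byPtr), distinctIds(1000, byRng));
    return 0;
}
```

How many distinct pointer-derived IDs appear depends on the allocator, so the count for that variant varies by platform; the random variant does not depend on allocation behaviour.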