N/A

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and HTTP redirect chains, enabling access to internal network services.

N/A

N/A

Markdownify MCP Server 安全漏洞

Markdownify MCP Server是美国Zach Caceres个人开发者的一个用于将几乎所有内容转换为 Markdown 的模型上下文协议服务器。 Markdownify MCP Server 0.0.2及之前版本存在安全漏洞，该漏洞源于网页转markdown功能存在服务端请求伪造，可能导致绕过私有IP限制。

N/A

N/A