Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FastMCP OAuth Proxy token reuse across MCP servers
Vulnerability Description
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
FastMCP 安全漏洞
Vulnerability Description
FastMCP是Jeremiah Lowin个人开发者的一个MCP服务器构建软件。 FastMCP 2.14.2之前版本存在安全漏洞,该漏洞源于服务器未正确处理客户端在授权和令牌请求中提交的资源参数,可能导致令牌被错误地颁发给初始化时传递给OAuthProxy的base_url。
CVSS Information
N/A
Vulnerability Type
N/A