漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MCP Java-SDK has a DNS Rebinding Vulnerability
Vulnerability Description
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they were a locally running MCP connected AI agent. This vulnerability is fixed in 1.0.0.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
MCP Java SDK 访问控制错误漏洞
Vulnerability Description
MCP Java SDK是Model Context Protocol开源的一个用于Java应用集成AI模型与工具的标准协议SDK。 MCP Java SDK 1.0.0之前版本存在访问控制错误漏洞,该漏洞源于DNS重绑定漏洞,可能导致攻击者通过受害者的浏览器访问本地或网络私有的MCP服务器,从而执行任意工具调用。
CVSS Information
N/A
Vulnerability Type
N/A