# Server-Side Request Forgery (SSRF) Vulnerability Summary for mcp-data-vis

## Vulnerability Overview

* **Vulnerability Type**: Server-Side Request Forgery (SSRF)
* **CWE ID**: CWE-918
* **Affected Component**: `src/servers/web-scraper/server.js`
* **Root Cause**: Although the code attempts to filter local addresses (such as localhost, 127.*, 192.168.*, 16.*) via the `validateUrl()` function, the validation logic is incomplete. It does not reject every private, link-local, or otherwise sensitive address space (e.g., 172.16.0.0/12, 169.254.0.0/16, IPv6 loopback addresses). An attacker can use this gap to make the server issue requests to arbitrary internal or external resources.

## Impact Scope

* **Affected Versions**: 1.0.0 and any version containing the same request-to-sink code path.
* **Security Impact**:
  * **Confidentiality**: High (if internal HTTP services, admin interfaces, or metadata endpoints are reachable).
  * **Integrity**: Medium (depending on whether reachable internal APIs expose state-changing operations).
  * **Availability**: Medium (through request abuse or interaction with sensitive internal services).

## Remediation

1. **Replace hostname prefix filtering**: Resolve the hostname to normalized IP addresses and classify each address against a complete list of private, loopback, link-local, and reserved ranges.
2. **Enhance validation logic**: Apply the same validation to every outbound request path before the `axios()` call.
3. **Regression testing**: Add tests covering RFC1918, 172.16.0.0/12, 169.254.0.0/16, IPv6 loopback, and redirection bypass attempts.
4. **Release patch**: Issue a security advisory naming the fixed version explicitly.
## Proof of Concept (PoC) Code

**PoC Delivery Method**: JSON-RPC `tools/call` to the MCP server

**Representative Request**:

```json
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"scrape_page","arguments":{"url":"http://172.16.0.1"}}}
```

**Alternative Affected Tool**:

```json
{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"api_request","arguments":{"url":"http://169.254.0.1"}}}
```