Description
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. In versions 1.10.0 through 1.25.3, response data can leak across clients when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. This issue has been patched in version 1.26.0.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
- Mitigation, Vendor Advisory
Vulnerable configurations
EPSS
CVSS3: 7.1 High
Weaknesses
Related vulnerabilities
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse