CVE-2026-27896

Published: 26 Feb 2026
Source: redhat
CVSS3: 7.2
EPSS: Low

Description

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library matches JSON object keys to struct field tags case-insensitively (it prefers an exact match but falls back to a case-folded one), so a field tagged json:"method" would also be populated from "Method", "METHOD", etc. This violated the JSON-RPC 2.0 specification, which defines exact member names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and for cross-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.

A flaw was found in the Go MCP SDK. The issue is improper handling of case sensitivity during JSON-RPC message parsing, specifically in the matching of JSON keys to struct field tags. This behavior violates the JSON-RPC 2.0 specification, whose member names ("jsonrpc", "method", "params", "id") are exact and, as in any JSON object, case-sensitive. A malicious MCP peer able to send protocol messages with non-standard field casing can potentially bypass intermediary inspection, smuggling a request past an upstream filter that only recognizes the correctly cased members, and can cause cross-implementation inconsistency between the SDK and peers that parse strictly.

Statement

This issue is only exploitable in MCP Go SDK backends deployed behind an intermediary security control, such as a WAF, inspection proxy or strict firewall, that enforces the JSON-RPC 2.0 specification. The vulnerability allows an attacker to bypass the upstream filter and deliver a message to the backend. However, the attacker is still constrained by the normal business logic of the application and cannot cause memory corruption or arbitrary command execution, or gain database administrative rights. For these reasons, this flaw has been rated with Important severity.

Mitigation

To mitigate this flaw, strictly enforce JSON-RPC case sensitivity before payload processing, or harden upstream WAF and proxy rules to explicitly block improperly cased requests at the network edge. Two caveats for practitioners: an edge rule that merely inspects the exactly named "method" member and ignores everything else is precisely the control that gets bypassed, so the rule must reject any top-level member whose name is not one of the spec-defined names; and on the backend side, enabling json.Decoder.DisallowUnknownFields does not help, because encoding/json treats a case-folded match such as "Method" as a known field rather than an unknown one.
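The following is an added example, not code from the Go MCP SDK or from Red Hat, showing the parser differential described above and a strict replacement. It models a hypothetical edge filter that blocks "tools/call" by looking at the exact "method" member, a lenient backend that parses with encoding/json (and DisallowUnknownFields, to show it does not help), and a strict parser that decodes into a map first so that member names are compared exactly. The frames, the blocked method name and the allowed-member list are constructed for the illustration; the strict parser is an illustrative hardening, not the decoder the SDK adopted in v1.3.1.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Request is the JSON-RPC 2.0 request envelope the examples parse.
type Request struct {
	JSONRPC string          `json:"jsonrpc"`
	ID      json.RawMessage `json:"id,omitempty"`
	Method  string          `json:"method"`
	Params  json.RawMessage `json:"params,omitempty"`
}

// Constructed sample frames (not captured traffic). The second one only
// differs in the casing of the "method" member name.
var (
	normalFrame   = []byte(`{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"shell"}}`)
	smuggledFrame = []byte(`{"jsonrpc":"2.0","id":1,"Method":"tools/call","params":{"name":"shell"}}`)
)

// edgeFilterAllows models a hypothetical intermediary that blocks one method
// by reading only the exactly named "method" member, as a spec-conforming
// filter would. A frame without that member carries no blocked method from
// the filter's point of view and is passed through.
func edgeFilterAllows(raw []byte, blockedMethod string) bool {
	var members map[string]json.RawMessage
	if err := json.Unmarshal(raw, &members); err != nil {
		return false
	}
	var method string
	if v, ok := members["method"]; ok {
		if err := json.Unmarshal(v, &method); err != nil {
			return false
		}
	}
	return method != blockedMethod
}

// lenientParse reproduces the pre-1.3.1 behaviour: encoding/json matches
// object keys to struct tags case-insensitively, so "Method" populates the
// Method field. DisallowUnknownFields is enabled on purpose to show that a
// case-folded match still counts as a known field and raises no error.
func lenientParse(raw []byte) (Request, error) {
	var r Request
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	err := dec.Decode(&r)
	return r, err
}

// allowedMembers lists the exact member names JSON-RPC 2.0 defines for a request.
var allowedMembers = map[string]bool{"jsonrpc": true, "id": true, "method": true, "params": true}

// strictParse is the hardened form: decode into a map (map keys are matched
// exactly), reject any member name outside the spec, then copy values into
// the struct and validate the envelope.
func strictParse(raw []byte) (Request, error) {
	var members map[string]json.RawMessage
	if err := json.Unmarshal(raw, &members); err != nil {
		return Request{}, err
	}
	for name := range members {
		if !allowedMembers[name] {
			return Request{}, fmt.Errorf("unexpected member %q: JSON-RPC member names are case-sensitive", name)
		}
	}
	var r Request
	targets := map[string]any{"jsonrpc": &r.JSONRPC, "id": &r.ID, "method": &r.Method, "params": &r.Params}
	for name, dst := range targets {
		if v, ok := members[name]; ok {
			if err := json.Unmarshal(v, dst); err != nil {
				return Request{}, fmt.Errorf("member %q: %w", name, err)
			}
		}
	}
	if r.JSONRPC != "2.0" {
		return Request{}, fmt.Errorf("jsonrpc must be \"2.0\", got %q", r.JSONRPC)
	}
	if r.Method == "" {
		return Request{}, fmt.Errorf("method is required")
	}
	return r, nil
}

func main() {
	for _, f := range [][]byte{normalFrame, smuggledFrame} {
		lr, lerr := lenientParse(f)
		_, serr := strictParse(f)
		fmt.Printf("%s\n  edge filter allows: %v\n  lenient backend: method=%q err=%v\n  strict backend err: %v\n\n",
			f, edgeFilterAllows(f, "tools/call"), lr.Method, lerr, serr)
	}
}
```

Run with `go run .`: the correctly cased frame is stopped by the filter, while the "Method" frame passes the filter and is dispatched as tools/call by the lenient backend; the strict parser refuses it. Decoding into a map also means a duplicated member keeps only its last value, so a deployment that must reject duplicate keys as well needs a token-level pass with json.Decoder rather than this map-based check.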

Affected packages

Platform                              Package                                                   State
Migration Toolkit for Virtualization  migration-toolkit-virtualization/mtv-cli-download-rhel9  Affected
Migration Toolkit for Virtualization  mtv-candidate/mtv-api-rhel9                               Will not fix
Migration Toolkit for Virtualization  mtv-candidate/mtv-cli-download-rhel9                      Will not fix
Migration Toolkit for Virtualization  mtv-candidate/mtv-controller-rhel9                        Will not fix
Migration Toolkit for Virtualization  mtv-candidate/mtv-operator-bundle                         Will not fix
OpenShift Lightspeed                  openshift-lightspeed/openshift-mcp-server-rhel9           Affected
OpenShift Serverless                  openshift-serverless-1/kn-client-kn-rhel9                 Affected
OpenShift Serverless                  openshift-serverless-1/kn-plugin-func-func-util-rhel9     Affected
Red Hat OpenShift AI (RHOAI)          rhoai/odh-dashboard-rhel9                                 Affected
Red Hat OpenShift AI (RHOAI)          rhoai/odh-mod-arch-gen-ai-rhel9                           Affected

No advisory or release is listed yet for any of these packages.


Additional information

Severity: Important
Weakness: CWE-178 (Improper Handling of Case Sensitivity)
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2442903
modelcontextprotocol/go-sdk: improper handling of case sensitivity

EPSS: 0.00064 (Low, 20th percentile)
CVSS3: 7.2 (High)

Related entries

nvd, 30 days ago: same text as the Description section above.

github, 29 days ago: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

fstec, 26 days ago (CVSS3: 10): Vulnerability in the json.Unmarshal() function of the JSON-RPC protocol implementation in the MCP Go SDK library, allowing an attacker to bypass existing security mechanisms
