Count: 2
CVE-2025-5276
All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.
GHSA-frq9-3hp2-xvxg
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-5276 All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information. | CVSS3: 7.4 | 0% Low | 9 months ago |
| GHSA-frq9-3hp2-xvxg Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function | CVSS3: 7.4 | 0% Low | 9 months ago |