MCP Registry Open Redirect Vulnerability in TrailingSlashMiddleware

A vulnerability allowing open redirect attacks has been identified in the MCP Registry, specifically in versions 1.1.0 prior to 1.7.5. The issue arises in the TrailingSlashMiddleware, located in internal/api/server.go, which fails to properly validate URLs before redirecting. This allows attackers to craft URLs that, after being processed by the middleware, are interpreted by browsers as absolute URLs to external domains. The vulnerability could be exploited by sending a request with a double-slash path followed by an external domain, which would then be redirected to that domain.

Impact

Exploitation of this vulnerability could lead to open redirect behavior, allowing attackers to redirect users to malicious sites or phishing pages.

Reproduction

To reproduce this vulnerability, start the MCP Registry server or identify a deployed instance. Then, send a request with a double-slash path followed by an external domain. The server will respond with a 308 Permanent Redirect to the crafted URL, which, when accessed in a browser, will redirect the user to the external site.

Remediation

Users can update to MCP Registry version 1.7.5 or later, where this vulnerability has been fixed.