Priyankark a11y-mcp Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in the Priyankark a11y-mcp application, specifically in versions up to 1.0.5. The issue arises in the A11yServer function within src/index.js, where user-supplied URLs are not properly validated before being passed to Puppeteer's page.goto() method. This lack of validation allows an attacker to manipulate the request and have the server make requests to internal or external resources, including loopback addresses and cloud metadata endpoints. The vulnerability can be exploited locally, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where the server is tricked into making requests to unintended destinations. This could lead to unauthorized access to internal services or metadata endpoints, depending on the network environment.
Reproduction
The vulnerability can be reproduced by sending a JSON-RPC request to the a11y-mcp server that includes a URL pointing to a local or internal resource. The server then navigates to that URL with Puppeteer, making the request on the caller's behalf from the server's network position.
Remediation
Users are advised to upgrade to a11y-mcp version 1.0.6, which addresses the vulnerability by adding proper URL validation to prevent server-side request forgery.
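As an added illustration of the kind of URL validation the fix describes (this is not a11y-mcp's own code, and the function names are assumed), the following plain Node.js check rejects non-http(s) schemes, embedded credentials, localhost, and literal addresses in loopback, link-local (where cloud metadata lives), private and IPv4-mapped ranges before a URL is handed to page.goto():

```javascript
// Added example, not a11y-mcp's own code: gate a user-supplied URL before
// Puppeteer's page.goto(). Relies on WHATWG URL normalisation (Node's URL
// class), which rewrites shorthand/hex/decimal IPv4 hosts such as
// 0x7f000001 or 2130706433 to dotted-quad form before we inspect them.

const ipv4ToInt = (ip) =>
  ip.split('.').reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;

// Ranges a browser driven by a service should never reach on a caller's behalf
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function isBlockedIPv4(ip) {
  const n = ipv4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

function isBlockedIPv6(ip) {
  const s = ip.toLowerCase();
  if (s === '::1' || s === '::' || /^fe[89ab]/.test(s) || /^f[cd]/.test(s)) return true;
  // WHATWG URL serialises IPv4-mapped addresses as hex groups, e.g. ::ffff:7f00:1
  const m = s.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (!m) return false;
  const [hi, lo] = [parseInt(m[1], 16), parseInt(m[2], 16)];
  return isBlockedIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
}

function validateTargetUrl(input) {
  let url;
  try { url = new URL(input); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  let host = url.hostname;
  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1); // IPv6 literal
  if (host === 'localhost' || host.endsWith('.localhost')) return { ok: false, reason: 'localhost' };
  const isV4 = /^\d+\.\d+\.\d+\.\d+$/.test(host); // normalised IPv4 is always dotted quad
  if (isV4 && isBlockedIPv4(host)) return { ok: false, reason: 'blocked IPv4 range' };
  if (host.includes(':') && isBlockedIPv6(host)) return { ok: false, reason: 'blocked IPv6 range' };
  return { ok: true, url: url.href };
}
```

This check inspects literal addresses only; a service should also resolve DNS names and re-check the resulting address, and refuse to follow redirects, so that a hostname or redirect cannot steer the browser to a blocked range after validation.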