AlejandroArciniegas mcp-data-vis Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in AlejandroArciniegas mcp-data-vis versions prior to commit de5a51525a69822290eaee569a1ab447b490746d. The vulnerability is in the web-scraper server component, in the HTTP request handling function built on axios. Because the URL validation does not adequately block private or link-local addresses, a remote attacker can direct the server's outbound requests at internal or sensitive external resources.
Impact
Exploitation of this vulnerability allows for unauthorized access to internal services or metadata endpoints, potentially leading to exposure of sensitive information or interaction with administrative interfaces.
Reproduction
The vulnerability can be reproduced by sending a JSON-RPC request to the MCP server that invokes one of the affected web-scraper tools, such as 'scrape_page' or 'api_request'. Include an attacker-controlled URL that points to a sensitive internal resource, such as a private IP address or a link-local address. The request will bypass the inadequate validation and access the internal resource, demonstrating the SSRF vulnerability.
Remediation
To address this vulnerability, implement a comprehensive allowlist for outbound URLs that rejects loopback, private, link-local, and cloud metadata destinations. Extend the URL validation to cover every internal IPv4 range and IPv6 link-local addresses. After applying these validations, add regression tests confirming that each of these destinations is rejected.
