CNNVD-202512-174 Information
CNNVD ID
CNNVD-202512-174
Related CVE
- CNNVD Published: 2025-12-02
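Description (translated from Chinese)
MCP TypeScript SDK is an open-source developer toolkit from Model Context Protocol for building Model Context Protocol servers and clients. Versions of MCP TypeScript SDK before 1.24.0 contain a security vulnerability that stems from DNS rebinding protection not being enabled by default, which may allow same-origin policy restrictions to be bypassed.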
Description (English)
MCP TypeScript SDK is an open-source developer toolkit from Model Context Protocol for Model Context Protocol servers and clients. MCP TypeScript SDK versions before 1.24.0 have a security vulnerability: DNS rebinding protection is not enabled by default, which may allow the same-origin policy restrictions to be bypassed.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Model Context Protocol
Published
2025-12-02
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/typescript-sdk/commit/09623e2aa5044f9e9da62c73d820a8250b9d97ed
https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-w48q-cv73-mx4w
Patch
https://github.com/modelcontextprotocol/typescript-sdk