Awesome Mcp Server
Monthly
Server-side request forgery in the mcp-wiki/wiki-summary component of AIAnytime Awesome-MCP-Server (up to commit a884bb51) allows a remote, low-privileged attacker to manipulate the `url` argument in `mcp-wiki/src/mcp_wiki/server.py`, causing the server to issue arbitrary HTTP requests to internal or external resources on the attacker's behalf. Successful exploitation can expose internal services, cloud metadata endpoints, or other backend infrastructure inaccessible from the public internet. A publicly available exploit exists (POC confirmed via GitHub issue #35); this CVE is not currently listed in CISA KEV. The CVSS 4.0 score of 5.3 reflects a moderate severity with low-privilege authentication required and partial confidentiality, integrity, and availability impact.
Server-side request forgery in the mcp-wiki/wiki-summary component of AIAnytime Awesome-MCP-Server (up to commit a884bb51) allows a remote, low-privileged attacker to manipulate the `url` argument in `mcp-wiki/src/mcp_wiki/server.py`, causing the server to issue arbitrary HTTP requests to internal or external resources on the attacker's behalf. Successful exploitation can expose internal services, cloud metadata endpoints, or other backend infrastructure inaccessible from the public internet. A publicly available exploit exists (POC confirmed via GitHub issue #35); this CVE is not currently listed in CISA KEV. The CVSS 4.0 score of 5.3 reflects a moderate severity with low-privilege authentication required and partial confidentiality, integrity, and availability impact.