io.modelcontextprotocol.sdk:mcp-core@0.17.2

latest version

1.1.1

latest non vulnerable version

1.1.1

first published

6 months ago

latest version published

14 days ago

licenses detected

MIT
[0.13.0,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.modelcontextprotocol.sdk:mcp-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Origin Validation Error Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks (`Host` and `Origin` header validation) on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a malicious website, which then issues requests to the server as if originating from a trusted source. How to fix Origin Validation Error? Upgrade `io.modelcontextprotocol.sdk:mcp-core` to version 0.18.0 or higher.	[,0.18.0)
M Permissive Cross-domain Policy with Untrusted Domains Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the `HttpServletSseServerTransportProvider` and `HttpServletStreamableServerTransportProvider` classes. An attacker can access sensitive session information by leveraging a malicious web page to trigger cross-origin requests, allowing unauthorized reading of server-sent events and subsequent relay of requests using the victim's browser. How to fix Permissive Cross-domain Policy with Untrusted Domains? Upgrade `io.modelcontextprotocol.sdk:mcp-core` to version 1.0.1, 1.1.1 or higher.	[,1.0.1)[1.1.0,1.1.1)

Origin Validation Error

Affected versions of this package are vulnerable to Origin Validation Error through the lack CORS checks (Host and Origin header validation) on incoming HTTP connections. An attacker can gain unauthorized access to local or private-network servers by tricking a victim into visiting a malicious website, which then issues requests to the server as if originating from a trusted source.

How to fix Origin Validation Error?

Upgrade io.modelcontextprotocol.sdk:mcp-core to version 0.18.0 or higher.

[,0.18.0)

Permissive Cross-domain Policy with Untrusted Domains

Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the HttpServletSseServerTransportProvider and HttpServletStreamableServerTransportProvider classes. An attacker can access sensitive session information by leveraging a malicious web page to trigger cross-origin requests, allowing unauthorized reading of server-sent events and subsequent relay of requests using the victim's browser.

How to fix Permissive Cross-domain Policy with Untrusted Domains?

Upgrade io.modelcontextprotocol.sdk:mcp-core to version 1.0.1, 1.1.1 or higher.

[,1.0.1)[1.1.0,1.1.1)

Go back to all versions of this package