@modelcontextprotocol/server-slack@2025.4.25 vulnerabilities

MCP server for interacting with Slack

  • latest version

    2025.4.25

  • first published

    8 months ago

  • latest version published

    3 months ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @modelcontextprotocol/server-slack package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Improper Neutralization of Input Used for LLM Prompting

    @modelcontextprotocol/server-slack is an MCP server for interacting with Slack.

    Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting via the automatic link unfurling process. An attacker can access sensitive information by manipulating an AI agent to generate messages containing attacker-crafted hyperlinks embedding sensitive data, which are then processed by link preview bots and sent to attacker-controlled URLs, enabling zero-click data exfiltration.

    How to fix Improper Neutralization of Input Used for LLM Prompting?

    There is no fixed version for @modelcontextprotocol/server-slack.

    Vulnerable version: *