@samanhappy/mcphub@0.9.4 vulnerabilities

A hub server for mcp servers

Direct Vulnerabilities

Known vulnerabilities in the @samanhappy/mcphub package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Improper Authentication

@samanhappy/mcphub is a hub server for MCP servers.

Affected versions of this package are vulnerable to Improper Authentication via the handleSseConnection() function. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability by sending crafted requests to the affected service.

How to fix Improper Authentication?

There is no fixed version for @samanhappy/mcphub.

Vulnerable versions: >=0.0.1
  • M
Command Injection

Affected versions of this package are vulnerable to Command Injection via the serverController.ts process. A user can execute arbitrary operating system commands by supplying crafted input to the command or args parameters.

How to fix Command Injection?

There is no fixed version for @samanhappy/mcphub.

Vulnerable versions: *
  • M
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the baseUrl argument in serverController.ts. An attacker can make the server initiate arbitrary requests to internal or external systems by supplying crafted input remotely.

How to fix Server-side Request Forgery (SSRF)?

Upgrade @samanhappy/mcphub to version 0.9.11 or higher.

Vulnerable versions: <0.9.11