mcp-markdownify-server@0.0.1 vulnerabilities

MCP Markdownify Server - Model Context Protocol Server for Converting Almost Anything to Markdown

Direct Vulnerabilities

Known vulnerabilities in the mcp-markdownify-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version

  • [H] Files or Directories Accessible to External Parties

mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text.

Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, allows arbitrary files to be read from the host running the server.

How to fix Files or Directories Accessible to External Parties?

A fix was pushed into the master branch but not yet published.
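
The page does not show the fix itself. As an added example (not the project's code), this is one way a file-reading tool such as get-markdown-file can confine reads to a single directory of Markdown files; the helper name `resolveMarkdownPath`, the directory layout and the file names are assumptions constructed for the illustration.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Hypothetical helper: returns the canonical path of `requested` if it is a
// Markdown file inside `baseDir`; throws otherwise (fails closed).
function resolveMarkdownPath(baseDir, requested) {
  if (typeof requested !== "string" || requested.includes("\0")) {
    throw new Error("invalid path argument");
  }
  // Canonicalise both sides so ".." segments and symlinks are resolved
  // before the containment check. realpathSync throws if the file is missing.
  const realBase = fs.realpathSync(baseDir);
  const realTarget = fs.realpathSync(path.resolve(realBase, requested));
  // path.relative avoids the prefix bug where ".../md-private" would pass a
  // naive startsWith(".../md") test.
  const rel = path.relative(realBase, realTarget);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes the allowed directory");
  }
  if (path.extname(realTarget).toLowerCase() !== ".md") {
    throw new Error("only .md files may be read");
  }
  return realTarget;
}

// Constructed sample tree: an allowed directory, a sibling with a similar
// name, and a symlink inside the allowed directory that points outside it.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "mdtool-"));
  const base = path.join(root, "md");
  const secret = path.join(root, "md-private", "secret.md");
  fs.mkdirSync(base);
  fs.mkdirSync(path.dirname(secret));
  fs.writeFileSync(path.join(base, "note.md"), "# ok\n");
  fs.writeFileSync(path.join(base, "config.json"), "{}\n");
  fs.writeFileSync(secret, "secret\n");
  fs.symlinkSync(secret, path.join(base, "link.md"));
  const cases = { plain: "note.md", traversal: "../md-private/secret.md",
                  symlink: "link.md", wrongType: "config.json", absolute: secret };
  const results = {};
  for (const [name, arg] of Object.entries(cases)) {
    try { resolveMarkdownPath(base, arg); results[name] = "allowed"; }
    catch (e) { results[name] = e.message; }
  }
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

Only `note.md` is allowed; the traversal, symlink and absolute-path requests are rejected by the containment check, and `config.json` by the extension check.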

Vulnerable versions: *

  • [H] Server-Side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests to attacker-controlled URLs and read the responses, potentially leaking sensitive information.

How to fix Server-Side Request Forgery (SSRF)?

A fix was pushed into the master branch but not yet published.

Vulnerable versions: *