In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade @apify/actors-mcp-server to version 0.10.11 or higher.
@apify/actors-mcp-server is an Apify MCP Server
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webServerMcpPath field in the Actor definition, which is concatenated with a trusted base URL without proper validation. An attacker can cause sensitive authorization tokens to be sent to an arbitrary server by publishing a crafted Actor with a malicious webServerMcpPath value, resulting in exfiltration of credentials during outbound HTTP requests.