A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protocol Handler. The manipulation of the argument URL leads to server-side request forgery.
The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates.
As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products
mixelpixx:google-research-mcp
References 4
https://vuldb.com/vuln/355074
VDB-355074 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery
https://vuldb.com/vuln/355074/cti
VDB-355074 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/submit/781778
Submit #781778 | mixelpixx google-search-mcp 0.1.0 Server-Side Request Forgery
https://github.com/wing3e/public_exp/issues/21
NVD