whtan410/mcp_server
high
No description
This MCP server provides a FastAPI-based API for accessing Sketchfab 3D models, adapting learning styles, and handling speech-related functionality. I...
// Source file not analyzed: routers/learningstyle_router.py
// Finding inferred from import chain: main.py:4 → routers/learningstyle_router.py:1
// Network-exposed MCP; exploitable by any attacker sending requests to the API.
The learning style adaptation endpoint accepts arbitrary JSON input without schema validation. This could allow injection of malicious data that might be processed unsafely (e.g., used in database queries or file operations). The lack of input validation is reported as a finding because the endpoint's purpose is constrained to learning style adaptation, yet it accepts arbitrary input that could lead to unexpected behavior.
Impact: An attacker could send crafted payloads that might cause injection attacks (e.g., NoSQL injection if using MongoDB, or command injection if the style value is used in shell commands). This could lead to data corruption, unauthorized access, or code execution.
Fix: Use Pydantic models to validate input structure and types. Sanitize and validate all fields before processing.
// Source file not analyzed: routers/sketchfab_router.py
// Finding inferred from import chain: main.py:4 → routers/sketchfab_router.py:1
// Network-exposed MCP; exploitable by any attacker sending requests to the API.
The Sketchfab router likely constructs a URL from user-supplied model_id without validation, allowing SSRF if the API endpoint is changed or if the model_id contains path traversal or protocol manipulation. Since the server is network-exposed, an attacker could potentially redirect requests to internal services.
Impact: An attacker could exploit SSRF to scan internal networks, access cloud metadata endpoints, or interact with other internal services, potentially leading to information disclosure or further compromise.
Fix: Validate model_id against a strict pattern (e.g., alphanumeric characters and hyphens only). Use a fixed base URL and avoid user-controlled URL construction. Consider using an allowlist of permitted hosts.
// Source file not analyzed: routers/speech_router.py
// Finding inferred from import chain: main.py:4 → routers/speech_router.py:1
// Network-exposed MCP; exploitable by any attacker sending requests to the API.
The speech processing endpoint accepts arbitrary JSON without validation. If the text field is used in any system commands or external API calls without sanitization, it could lead to injection attacks. The endpoint's purpose is speech processing, but arbitrary input could be exploited.
Impact: An attacker could inject malicious text that might be executed as a command or trigger unintended behavior in downstream systems, potentially leading to code execution or data leakage.
Fix: Validate input using Pydantic models. Sanitize the text field to prevent injection if it is used in shell commands or external calls.