GHSA-g5cg-6c7v-mmpw

Impact

A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows malicious users to:

• Redirect API calls to internal network services
• Potentially access sensitive internal endpoints
• Perform network reconnaissance through the server
• Bypass network access controls

The vulnerability affects the HTTP transport mode specifically - stdio mode is not impacted as it only accepts requests from stdio.

Patches

The vulnerability has been patched in version 1.5.0. Users should:

1. Update to the latest version of the HackMD MCP server
2. Set the ALLOWED_HACKMD_API_URLS environment variable to restrict allowed HackMD API endpoints
3. If not set, the server will default to only allowing the official HackMD API URL (https://api.hackmd.io/v1)

Example configuration:

ALLOWED_HACKMD_API_URLS=https://api.hackmd.io/v1,https://your-hackmd-instance.com/api/v1

Workarounds

Users can mitigate this vulnerability without upgrading by:

1. Use stdio mode instead of HTTP mode: Set TRANSPORT=stdio or remove the TRANSPORT environment variable to disable HTTP mode entirely
2. Network-level restrictions: Use firewall rules or network policies to restrict outbound connections from the server
3. Reverse proxy filtering: Place the MCP server behind a reverse proxy that validates and filters both the Hackmd-Api-Url header and the base64-encoded JSON config query parameter to prevent malicious hackmdApiUrl values

References

• OWASP Server-Side Request Forgery Prevention Cheat Sheet
• HackMD MCP Server Documentation