Fetch-mcp is a lightweight, open-source HTTP client library used to simplify HTTP requests. This vulnerability allows attackers to bypass private IP validation and access internal network resources by sending maliciously crafted requests.
The advisory does not state which versions are affected. If you don't recognise this software, you're probably not affected.
To fix this vulnerability, upgrade to fetch-mcp v1.0.3 or later. You can do this by running:
Alternatively, you can apply mitigations immediately, without upgrading:
fetch option to use a proxy server that restricts access to internal network resources.
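
The advisory does not describe how the private IP validation is bypassed, so the following is an added example of a general defensive check and is not fetch-mcp's own code. It classifies a URL's host after the WHATWG URL parser has normalised it, so an integer-form IPv4 literal or an IPv4-mapped IPv6 literal is judged by the address it denotes; the function names and the blocked-range list are assumptions chosen for illustration.

```javascript
// Added example (not fetch-mcp code): decide whether a URL's host is an
// IP literal inside a reserved/internal range. Range list is an assumption.
const V4_BLOCKED = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Dotted quad -> unsigned 32-bit integer.
const v4ToInt = (ip) =>
  ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);

function isBlockedV4(ip) {
  const n = v4ToInt(ip);
  return V4_BLOCKED.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(base) & mask) >>> 0);
  });
}

function isBlockedV6(ip) {
  // The URL parser emits compressed hex, so a mapped IPv4 address arrives
  // as ::ffff:7f00:1 and is unpacked to dotted form before checking.
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(ip);
  if (mapped) {
    const [hi, lo] = [parseInt(mapped[1], 16), parseInt(mapped[2], 16)];
    return isBlockedV4([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  if (ip === '::' || ip === '::1') return true; // unspecified, loopback
  const first = ip.startsWith('::') ? 0 : parseInt(ip.split(':')[0], 16);
  // fc00::/7 unique local, fe80::/10 link-local
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80;
}

// Returns true when the host is an IP literal in a blocked range.
// Hostnames return false here: a complete guard must also resolve them
// and run the same check on every resolved address before connecting.
function targetsInternalAddress(rawUrl) {
  const host = new URL(rawUrl).hostname; // parser normalises the literal
  if (host.startsWith('[')) return isBlockedV6(host.slice(1, -1));
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return isBlockedV4(host);
  return false;
}

// Constructed sample inputs, not taken from the advisory.
const SAMPLE_URLS = ['http://2130706433/', 'http://[::ffff:127.0.0.1]/',
  'http://192.168.1.10:8080/x', 'http://93.184.216.34/'];
const sampleResults = () => SAMPLE_URLS.map(targetsInternalAddress);
```

A check like this belongs on every hop: redirects should be followed manually and each `Location` target validated the same way.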