mirror of
https://github.com/penpot/penpot.git
synced 2026-05-11 02:58:25 +00:00
The ReplServer Express app was calling `app.listen(port)` with no host argument, causing Node/Express to default to binding on all interfaces (0.0.0.0). Combined with the unauthenticated /execute endpoint, any network peer could POST arbitrary JS and get it run inside the MCP process. Fix: add a `host` parameter (default "localhost") to the ReplServer constructor and pass it to `app.listen`. The call site in PenpotMcpServer now forwards `this.host` (sourced from PENPOT_MCP_SERVER_HOST env var, default "localhost"), so environment-variable overrides continue to work.

Signed-off-by: Andrey Antukh <niwi@niwi.nz>