fix: all mcp protocol endpoints (/sse, /message, /mc... in sse.ts #3852
orbisai0security wants to merge 1 commit into modelcontextprotocol:main from
Automated security fix generated by Orbis Security AI
Thanks, but closing this. The everything server is a reference/demo implementation — authentication on transports is intentionally left to the deployer per the MCP authorization spec, which delegates auth to the transport layer. Adding hardcoded middleware here would obscure the reference behavior we want users to learn from. Automated scanner findings against reference servers don't generally indicate real vulnerabilities; they should be evaluated in the context of the server's purpose. If you believe there's a real spec-level concern, please open an issue with details first so it can be discussed.
Totally fair, thanks for the context. I agree that the everything server is a reference/demo, and auth should be handled by the deployer at the transport layer per the spec, so hardcoding middleware here would be misleading. I’ll treat the scanner hit as informational and, if it’s useful, open an issue proposing a prominent docs note/example for how to front these endpoints with auth in real deployments.
Summary
Fix critical severity security issue in src/everything/transports/sse.ts.

Vulnerability
V-004
src/everything/transports/sse.ts:26
Description: All MCP protocol endpoints (/sse, /message, /mcp) lack authentication middleware, allowing any network attacker to invoke MCP tools without proving their identity. While OAuth mechanisms exist in the codebase, there is no evidence of enforcement on these critical endpoints that handle filesystem operations, knowledge graph modifications, and fetch requests.

Changes
src/everything/transports/sse.ts

Verification
Automated security fix by OrbisAI Security
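
The thread above leaves authentication on /sse, /message and /mcp to the deployer at the transport layer. As an added example (not code from this PR or from the everything server), here is a deployer-side gate that requires a bearer token before any request reaches the MCP handler. `authorize`, `requireBearer`, `mcpHandler` and the `MCP_TOKEN` variable are hypothetical names, and a static shared token stands in for whatever auth scheme the deployment actually uses.

```javascript
// Added example: deployer-side bearer-token gate in front of an MCP HTTP handler.
const crypto = require("crypto");

// Constant-time comparison. Hashing both sides first gives equal-length
// buffers, which crypto.timingSafeEqual requires.
function tokensMatch(presented, expected) {
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Returns 200 when the request may proceed, otherwise the status to reject with.
// Every path is gated (deny by default), so /sse, /message and /mcp are covered
// without depending on the gate and the router agreeing on path normalization
// (case, doubled slashes, trailing slashes).
function authorize(authorizationHeader, expectedToken) {
  if (!expectedToken) return 503; // fail closed when no token is configured
  // RFC 6750 syntax: "Bearer" SP token68; the scheme name is case-insensitive.
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/i.exec(authorizationHeader || "");
  if (!m) return 401;
  return tokensMatch(m[1], expectedToken) ? 200 : 401;
}

// Wraps any Node (req, res) handler, for example the app serving the MCP transport.
function requireBearer(handler, expectedToken) {
  return (req, res) => {
    const status = authorize(req.headers.authorization, expectedToken);
    if (status === 200) return handler(req, res);
    const headers = status === 401 ? { "WWW-Authenticate": "Bearer" } : {};
    res.writeHead(status, headers);
    res.end();
  };
}

// Usage (assumed names; bind to loopback unless a TLS proxy sits in front):
// require("http")
//   .createServer(requireBearer(mcpHandler, process.env.MCP_TOKEN))
//   .listen(3001, "127.0.0.1");
```
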