WhisperX tag archive

#DNS Rebinding

This page collects WhisperX intelligence signals tagged #DNS Rebinding. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-04-10 12:22:49 · GitHub Issues

1. Kotlin MCP SDK Fixes High-Severity Vulnerability: DNS Rebinding Protection Enabled by Default, Closing the Same Security Flaw Found in the TypeScript SDK

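A critical security vulnerability in the JetBrains Kotlin MCP SDK has been fixed. The vulnerability stemmed from DNS rebinding protection being disabled by default, which left all HTTP transports and the specific SSE endpoint (`Route.mcp()`) fully exposed to attack. It is identical in nature to the high-severity vulnerability previously disclosed in the Model Context Protocol TypeScript SDK (GHSA-w48q-cv73-mx4w), highlighting a consistent security risk across language implementations. The core of the fix is a new `DnsRebindingProtection` Ktor route-scoped plugin, which is enabled by default. This means that everything using `mcpStreamableHttp` or `mcpStatele...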

The Lab · 2026-04-20 13:22:58 · GitHub Issues

2. Langchain-OpenAI Security Flaw: SSRF & DNS Rebinding Risk in AI Image Token Counter

A critical security vulnerability in the popular Langchain-OpenAI library exposes AI applications to server-side request forgery (SSRF) and DNS rebinding attacks. The flaw, tracked as GHSA-r7w7-9xr2-qq2r, resides in the `_url_to_size()` helper function, a core component used for counting image tokens in AI message proc...