{"url":"http://public2.vulnerablecode.io/api/packages/1004304?format=json","purl":"pkg:npm/mcp-framework@0.2.3","type":"npm","namespace":"","name":"mcp-framework","version":"0.2.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.2.22","latest_non_vulnerable_version":"0.3.0-beta.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15397?format=json","vulnerability_id":"VCID-9faq-vs9e-vyh2","summary":"MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport\n### Summary\n\nThe `readRequestBody()` function in `src/transports/http/server.ts` concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request.\n\n### Details\n\n**File:** `src/transports/http/server.ts`, lines 224-240\n\n```typescript\nprivate async readRequestBody(req: IncomingMessage): Promise<any> {\n    return new Promise((resolve, reject) => {\n      let body = '';\n      req.on('data', (chunk) => {\n        body += chunk.toString();   // No size limit\n      });\n      req.on('end', () => {\n        try {\n          const parsed = body ? JSON.parse(body) : null;\n          resolve(parsed);\n        } catch (error) {\n          reject(error);\n        }\n      });\n      req.on('error', reject);\n    });\n  }\n```\n\nA `maxMessageSize` configuration value exists in `DEFAULT_HTTP_STREAM_CONFIG` (4MB, defined in `src/transports/http/types.ts` line 124) but is never enforced in `readRequestBody()`. This creates a false sense of security.\n\n### PoC\n\nLocal testing with 50MB POST payloads against the vulnerable `readRequestBody()` function:\n\n| Trial | Payload | RSS growth | Time | Result |\n|-------|---------|-----------|------|--------|\n| 1 | 50MB | +197MB | 42ms | Vulnerable |\n| 2 | 50MB | +183MB | 46ms | Vulnerable |\n| 3 | 50MB | +15MB | 43ms | Vulnerable |\n| 4 | 50MB | +14MB | 32ms | Vulnerable |\n| 5 | 50MB | +65MB | 38ms | Vulnerable |\n\nReproducibility: 5/5 (100%)\n\n### Impact\n\n- **Denial of Service:** Any mcp-framework HTTP server can be crashed by a single large POST request to /mcp\n- **No authentication required:** readRequestBody() executes before any auth checks (auth is opt-in, default is no auth)\n- **Dead config:** maxMessageSize exists but is never enforced, giving a false sense of security\n- **Affected:** All applications using mcp-framework HttpStreamTransport (60,000 weekly npm downloads)\n\n**CWE-770:** Allocation of Resources Without Limits or Throttling\n**Suggested CVSS 3.1:** 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n### Suggested Fix\n\nEnforce `maxMessageSize` in `readRequestBody()`:\n\n```typescript\nprivate async readRequestBody(req: IncomingMessage): Promise<any> {\n    const maxSize = this._config.maxMessageSize || 4 * 1024 * 1024;\n    return new Promise((resolve, reject) => {\n      let body = '';\n      let size = 0;\n      req.on('data', (chunk) => {\n        size += chunk.length;\n        if (size > maxSize) {\n          req.destroy();\n          reject(new Error('Request body too large'));\n          return;\n        }\n        body += chunk.toString();\n      });\n      // ...\n    });\n  }\n```\n\n### Disclosure Timeline\n\nThis report follows coordinated disclosure. I request a 90-day window before public disclosure.\n\n**Reporter:** Raza Sharif, CyberSecAI Ltd (contact@agentsign.dev)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39313","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20867","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39313"},{"reference_url":"https://github.com/QuantGeekDev/mcp-framework","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/QuantGeekDev/mcp-framework"},{"reference_url":"https://github.com/QuantGeekDev/mcp-framework/commit/f97d2bb76d6359faf10cd1fc54b4911476b62524","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:45:58Z/"}],"url":"https://github.com/QuantGeekDev/mcp-framework/commit/f97d2bb76d6359faf10cd1fc54b4911476b62524"},{"reference_url":"https://github.com/QuantGeekDev/mcp-framework/security/advisories/GHSA-353c-v8x9-v7c3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:45:58Z/"}],"url":"https://github.com/QuantGeekDev/mcp-framework/security/advisories/GHSA-353c-v8x9-v7c3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39313","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39313"},{"reference_url":"https://github.com/advisories/GHSA-353c-v8x9-v7c3","reference_id":"GHSA-353c-v8x9-v7c3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-353c-v8x9-v7c3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45351?format=json","purl":"pkg:npm/mcp-framework@0.2.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mcp-framework@0.2.22"},{"url":"http://public2.vulnerablecode.io/api/packages/1004352?format=json","purl":"pkg:npm/mcp-framework@0.3.0-beta.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mcp-framework@0.3.0-beta.1"}],"aliases":["CVE-2026-39313","GHSA-353c-v8x9-v7c3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9faq-vs9e-vyh2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mcp-framework@0.2.3"}