{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "MCP download_media tool via stdio JSON-RPC tools/call with URL http://[::ffff:127.0.0.1]:18080/",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": ["auth-fetch-mcp MCP server (node dist/index.js)", "Playwright Chromium headless shell", "internal HTTP victim server on 127.0.0.1:18080"],
  "proof_artifacts": [
  "logs/vulnerable_test.log",
  "logs/vulnerable_result.json",
  "logs/vulnerable_victim_server.log",
  "logs/vulnerable_mcp_stdout.log",
  "logs/vulnerable_mcp_requests.log",
  "logs/fixed_test.log",
  "logs/fixed_result.json",
  "logs/fixed_victim_server.log",
  "logs/fixed_mcp_stdout.log",
  "logs/fixed_mcp_requests.log"
],
  "vulnerable_version": "v3.0.1 (commit 98f381d)",
  "fixed_version": "v3.0.2 (commit d4dedaf, fix commit 177ec5f)",
  "vulnerable_ssrf_confirmed": true,
  "fixed_ssrf_blocked": true,
  "ssrf_marker": "SSRF_SECRET_MARKER_1783015602673_hgnjlkyh",
  "notes": "Vulnerable v3.0.1: MCP download_media tool fetched http://[::ffff:127.0.0.1]:18080/ - internal server received request and file was downloaded with secret marker. Fixed v3.0.2: assertSafeUrl correctly rejects hex-normalized ::ffff:7f00:1 with 'Refusing to fetch' error."
}
