{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "MCP download_media tool via stdio JSON-RPC tools/call with a PUBLIC url that 302-redirects to http://127.0.0.1:18080/",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": ["auth-fetch-mcp MCP server (node dist/index.js)", "Playwright Chromium headless shell (APIRequestContext)", "internal HTTP victim server on 127.0.0.1:18080", "public 302 redirector http://httpbin.org/redirect-to"],
  "vulnerable_version": "v3.0.1 (commit 98f381d1298b6b7e7ff29d7a7851f18ea5f2364c)",
  "fixed_version": "v3.0.2 (commit d4dedaf55c1d39228dbed58807ea1f9fac1328e1, fix commit 177ec5f)",
  "latest_version": "origin/main (commit a4b92452dc9332fb4063225f3d8842f3602a54a3)",
  "vulnerable_redirect_ssrf_confirmed": true,
  "fixed_redirect_ssrf_confirmed": true,
  "latest_redirect_ssrf_confirmed": true,
  "fixed_control_direct_loopback_blocked": true,
  "fixed_variant_redirect_ssrf": true,
  "redirector_url": "http://httpbin.org/redirect-to?url=http%3A%2F%2F127.0.0.1%3A18080%2F&status_code=302",
  "bypass_class": "redirect-following without re-validation of redirect targets through assertSafeUrl()",
  "notes": "On the FIXED v3.0.2 server the direct control URL http://127.0.0.1:18080/ is correctly blocked by assertSafeUrl() (Refusing to fetch), but the public 302-redirect variant reaches the loopback victim and downloads its content (marker present). The same behaviour is observed on latest main. This demonstrates that the 177ec5f fix validates only the initial URL and does not re-validate redirect targets."
}
