Describe the bug
The UriTemplate class in the MCP TypeScript SDK is vulnerable to a Regular Expression Denial of Service (ReDoS) condition when processing RFC 6570 URI Template exploded array patterns (e.g., {/id*}, {?tags*}).
The vulnerability is caused by catastrophic backtracking in a dynamically generated regular expression used during URI matching. An attacker can supply a specially crafted URI that causes excessive CPU consumption, leading to a denial of service.
To Reproduce
Steps to reproduce the behavior:
- Create a URI template that uses an exploded array pattern, such as:
  const template = new UriTemplate('/users{/id*}');
- Construct a malicious URI consisting of many comma-separated values followed by a failing character:
  const maliciousPayload = '/users/' + 'user1,user2,user3,'.repeat(10) + 'userX/';
- Call the match() method with the malicious URI:
  template.match(maliciousPayload);
- Observe the Node.js process consuming 100% CPU and becoming unresponsive.
Expected behavior
The URI matching operation should complete in predictable, linear time or fail gracefully when presented with malformed or unexpected input, without causing excessive CPU usage or service degradation.
Logs
No application logs are required to observe the issue. The vulnerability manifests as sustained high CPU usage and a blocked event loop during execution of uriTemplate.match().
Additional context
- Root cause: The vulnerable regular expression generated for exploded patterns is ([^/]+(?:,[^/]+)*). This expression contains nested quantifiers that allow ambiguous matching paths. When input nearly matches but fails at the end (e.g., due to a trailing slash), the regex engine performs exponential backtracking.
- Affected code paths: typescript-sdk/src/shared/uriTemplate.ts, partToRegExp() (approximately lines 223–271) and UriTemplate.match().
- Attack vector: The issue is reachable via the MCP server’s ReadResourceRequestSchema handler when attacker-controlled URIs are matched against registered templates.
- Impact: Successful exploitation results in Denial of Service, causing the Node.js process to hang or crash and rendering the service unavailable to all clients.
- Mitigation: Update the regex to eliminate ambiguity by excluding commas from inner repetitions.
- Vulnerable:
  ([^/]+(?:,[^/]+)*)
- Safe:
  ([^/,]+(?:,[^/,]+)*)
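The two fragments side by side, as an added example that is not the SDK's own code: the literal '/users/' prefix, the end-anchoring and the matchIds()/payload()/timeMatch() helpers are assumptions for illustration, not copied from partToRegExp(). The demo stays at small repetition counts so it finishes quickly while still showing the growth.

```javascript
// Added example (not the MCP SDK's own code): the two regex fragments from the
// report, wrapped in an anchored matcher for a '/users{/id*}'-style template.
// The SDK's real partToRegExp() output and anchoring are assumed, not copied.

// Vulnerable fragment: [^/] also matches ',', so the outer group and the inner
// repetition overlap. Every comma can be either "inside an item" or "a separator",
// so a near-miss input has about 2^(number of commas) failing ways to split.
const VULNERABLE_FRAGMENT = '([^/]+(?:,[^/]+)*)';
// Mitigated fragment from the report: commas are excluded from the item class,
// so every comma is a separator and there is exactly one way to attempt a match.
const SAFE_FRAGMENT = '([^/,]+(?:,[^/,]+)*)';

function buildMatcher(fragment) {
  // Assumption: literal prefix '/users/' plus the fragment, anchored at both ends.
  return new RegExp('^/users/' + fragment + '$');
}

// Returns the exploded id list on a match, or null when the URI does not match.
function matchIds(uri, fragment) {
  const m = buildMatcher(fragment).exec(uri);
  return m ? m[1].split(',') : null;
}

// The report's payload shape (constructed input): n repetitions of three
// near-match items, then a trailing '/' that makes the overall match fail.
function payload(n) {
  return '/users/' + 'user1,user2,user3,'.repeat(n) + 'userX/';
}

// Wall-clock time of one match attempt, in milliseconds, plus its result.
function timeMatch(uri, fragment) {
  const t0 = process.hrtime.bigint();
  const result = matchIds(uri, fragment);
  return { result, ms: Number(process.hrtime.bigint() - t0) / 1e6 };
}

// Demo kept at small n: each repetition adds three commas, so the vulnerable
// regex's backtracking work roughly doubles per comma, while the safe one
// rejects the input after a single left-to-right pass.
for (const n of [1, 2, 3, 4, 5]) {
  const v = timeMatch(payload(n), VULNERABLE_FRAGMENT).ms.toFixed(3);
  const s = timeMatch(payload(n), SAFE_FRAGMENT).ms.toFixed(3);
  console.log(`n=${n}: vulnerable ${v} ms, safe ${s} ms`);
}
```

Note that the safe fragment also rejects an empty list item such as '/users/a,,b', which the vulnerable fragment accepts as a single item containing commas.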