Skip to content

upgrade go-sdk to v1.3.1 to fix parser differential vulnerability#418

Merged
slimslenderslacks merged 1 commit intodocker:mainfrom
slimslenderslacks:json-unmarshal-bug
Feb 19, 2026
Merged

upgrade go-sdk to v1.3.1 to fix parser differential vulnerability#418
slimslenderslacks merged 1 commit intodocker:mainfrom
slimslenderslacks:json-unmarshal-bug

Conversation

@slimslenderslacks
Copy link
Collaborator

@slimslenderslacks slimslenderslacks commented Feb 19, 2026

This commit upgrades the modelcontextprotocol/go-sdk dependency from v1.2.0 to v1.3.1 to address a critical security vulnerability (Parser Differential) that allowed MCP message smuggling via case-insensitive JSON field matching.

Changes:

  • Upgraded go-sdk from v1.2.0 to v1.3.1 in go.mod
  • Upgraded google/jsonschema-go from v0.3.0 to v0.4.2 (transitive)
  • Added security regression tests (pkg/security_test.go)

Vulnerability Details:
The vulnerability allowed attackers to bypass authorization by sending JSON messages with duplicate fields in different cases (e.g., "name" and "Name"). Go's standard json.Unmarshal is case-insensitive, causing capitalized fields to overwrite lowercase fields, enabling message smuggling attacks.

Attack scenario:

  1. Edge proxy validates lowercase "name" = "authorized-tool" ✓
  2. Attacker smuggles "Name" = "malicious-tool" in same message
  3. Gateway's case-insensitive parsing overwrites with malicious value
  4. Backend executes "malicious-tool" ✗ Authorization bypassed

The Fix (go-sdk v1.3.1):

  • Introduces internal/json package using github.com/segmentio/encoding/json
  • Calls DontMatchCaseInsensitiveStructFields() for case-sensitive matching
  • All SDK unmarshaling now uses internaljson.Unmarshal
  • Complies with JSON-RPC 2.0 specification requirement for case-sensitivity
  • Blocks message smuggling attacks

Security Tests:

  • TestMessageSmugglingVulnerability: Demonstrates the vulnerability
  • TestGoSDKv131Fix: Documents how the fix works
  • TestJSONRPC20Compliance: Verifies spec compliance
  • TestConfusedDeputyPrevention: Explains attack pattern
  • TestRegressionDocumentation: Comprehensive CVE documentation

All tests pass, confirming the exploit is blocked after upgrade.

Impact:
✓ Message smuggling attacks blocked
✓ JSON-RPC 2.0 spec compliance achieved
✓ Authorization bypass prevented
✓ All MCP message types protected (tools/call, prompts/get, resources/read)

What I did

Related issue

(not mandatory) A picture of a cute animal, if possible in relation to what you did

@slimslenderslacks slimslenderslacks requested a review from a team as a code owner February 19, 2026 04:04
tuna-docker
tuna-docker previously approved these changes Feb 19, 2026
View reviewed changes
@slimslenderslacks
security: upgrade go-sdk to v1.3.1 to fix parser differential vulnera…
caf4ff7 
…bility

This commit upgrades the modelcontextprotocol/go-sdk dependency from v1.2.0
to v1.3.1 to address a critical security vulnerability (Parser Differential)
that allowed MCP message smuggling via case-insensitive JSON field matching.

Changes:
- Upgraded go-sdk from v1.2.0 to v1.3.1 in go.mod
- Upgraded google/jsonschema-go from v0.3.0 to v0.4.2 (transitive)
- Added security regression tests (pkg/security_test.go)

Vulnerability Details:
The vulnerability allowed attackers to bypass authorization by sending JSON messages with
duplicate fields in different cases (e.g., "name" and "Name"). Go's standard
json.Unmarshal is case-insensitive, causing capitalized fields to overwrite
lowercase fields, enabling message smuggling attacks.

Attack scenario:
1. Edge proxy validates lowercase "name" = "authorized-tool" ✓
2. Attacker smuggles "Name" = "malicious-tool" in same message
3. Gateway's case-insensitive parsing overwrites with malicious value
4. Backend executes "malicious-tool" ✗ Authorization bypassed

The Fix (go-sdk v1.3.1):
- Introduces internal/json package using github.com/segmentio/encoding/json
- Calls DontMatchCaseInsensitiveStructFields() for case-sensitive matching
- All SDK unmarshaling now uses internaljson.Unmarshal
- Complies with JSON-RPC 2.0 specification requirement for case-sensitivity
- Blocks message smuggling attacks

Security Tests:
- TestMessageSmugglingVulnerability: Demonstrates the vulnerability
- TestGoSDKv131Fix: Documents how the fix works
- TestJSONRPC20Compliance: Verifies spec compliance
- TestConfusedDeputyPrevention: Explains attack pattern
- TestRegressionDocumentation: Comprehensive CVE documentation

All tests pass, confirming the exploit is blocked after upgrade.

Impact:
✓ Message smuggling attacks blocked
✓ JSON-RPC 2.0 spec compliance achieved
✓ Authorization bypass prevented
✓ All MCP message types protected (tools/call, prompts/get, resources/read)
@slimslenderslacks slimslenderslacks merged commit 0ca44f4 into docker:main Feb 19, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saucow saucow saucow approved these changes

@tuna-docker tuna-docker tuna-docker approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@slimslenderslacks @saucow @tuna-docker