
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (GHSA-xjv7-6w92-42r7) affects the Marimo Python package, specifically versions >0.9.20 and <0.16.4. The issue involves an unauthenticated proxy endpoint (/mpl/{port}/) that allows external attackers to access internal services and arbitrary ports on systems running Marimo installations. The vulnerability was discovered by devgi and further investigated by acepace, with a patch released in version 0.16.4 (GitHub Advisory).
The vulnerability exists in the /mpl/{port}/ endpoint, which was designed to provide access to interactive matplotlib visualizations. This endpoint functions as an unauthenticated proxy that can connect to any service running on the local machine through specified ports. The vulnerability is classified as CWE-441 (Unintended Proxy or Intermediary) with a CVSS v4 score of 6.9 (Moderate severity). The attack vector is network-based with low complexity, requiring no privileges or user interaction (GitHub Advisory).
The vulnerability enables attackers to bypass firewalls and access internal services intended to be local-only. Scans of public-facing Marimo servers revealed exposure of sensitive services including CUPS servers (potentially allowing print job access and RCE), phpMyAdmin interfaces (exposing database access), and RPCMapper (enabling network reconnaissance). The issue affects numerous production environments, including instances hosted on cloud platforms like AWS GovCloud (GitHub Advisory).
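The abuse pattern described above leaves a clear trace in the web server's access log: requests to `/mpl/<port>/` where the port is not one of the ports a notebook actually opened for a matplotlib figure, often from one client walking several ports. The following detection routine is an added example written for this page, not code from the Marimo project or from the advisory; the log format, the sample lines and the set of "expected" figure ports are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from any real Marimo deployment).
# Assumed format: '<client_ip> - - [<ts>] "<method> <path> HTTP/1.1" <status>'
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2025:12:00:01 +0000] "GET /mpl/8888/ HTTP/1.1" 200
203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /mpl/631/ HTTP/1.1" 200
203.0.113.7 - - [10/Oct/2025:12:00:03 +0000] "GET /mpl/80/phpmyadmin/ HTTP/1.1" 200
203.0.113.7 - - [10/Oct/2025:12:00:04 +0000] "GET /mpl/111/ HTTP/1.1" 502
127.0.0.1 - - [10/Oct/2025:12:00:05 +0000] "GET /mpl/8889/ HTTP/1.1" 200
198.51.100.9 - - [10/Oct/2025:12:00:06 +0000] "GET /api/kernel/run HTTP/1.1" 200
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# The proxy path shape from the advisory: /mpl/{port}/ followed by anything.
MPL_RE = re.compile(r"^/mpl/(?P<port>\d{1,5})(?:/.*)?$")


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    mpl = MPL_RE.match(event["path"])
    event["mpl_port"] = int(mpl.group("port")) if mpl else None
    return event


def find_proxy_abuse(log_text, expected_ports):
    """Flag /mpl/{port}/ requests whose port is not a known figure port.

    expected_ports: the ports the notebook server itself handed out for
    matplotlib figures (assumed to be known to the operator).
    """
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["mpl_port"] is None:
            continue
        if ev["mpl_port"] not in expected_ports:
            hits.append((ev["ip"], ev["mpl_port"], ev["path"], ev["status"]))
    return hits


def distinct_ports_per_client(log_text):
    """Count distinct proxied ports per client; a high count suggests probing."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["mpl_port"] is not None:
            seen[ev["ip"]].add(ev["mpl_port"])
    return {ip: len(ports) for ip, ports in seen.items()}


if __name__ == "__main__":
    for hit in find_proxy_abuse(SAMPLE_LOG, {8888, 8889}):
        print("unexpected proxy target:", hit)
    print(distinct_ports_per_client(SAMPLE_LOG))
```

Both the 200 on port 631 and the 502 on port 111 are worth keeping: a 502 means the proxy attempted the connection and nothing answered, which is still evidence that the endpoint was being used to probe.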
The vulnerability has been patched in Marimo version 0.16.4. The fix involves refactoring the MPL proxy endpoint and implementing proper authentication checks. Users should upgrade to version 0.16.4 or later to protect against this vulnerability (GitHub Release).
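To make the two properties of the fix concrete (the proxy must require authentication, and it must only forward to ports the server itself opened for a figure), here is an added example contrasting the unsafe "any numeric port, no auth" shape with a hardened authorization check. This is illustrative code written for this page, not Marimo's actual implementation: the `X-Auth-Token` header name, the port registry and the class names are assumptions.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyDecision:
    allowed: bool
    reason: str


def resolve_mpl_target(path):
    """Parse /mpl/{port}/... into (host, port), or None if it is not that shape.

    On its own this is the unsafe 'before' behaviour: whatever port appears in
    the URL becomes the proxy target on localhost, with no further checks.
    """
    parts = path.strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "mpl" and parts[1].isdigit():
        port = int(parts[1])
        if 1 <= port <= 65535:
            return ("127.0.0.1", port)
    return None


class HardenedMplProxy:
    """Authorization gate in front of the figure proxy (assumed design)."""

    def __init__(self, session_token, registered_ports=()):
        self._token = session_token
        # Only ports the server handed out for matplotlib figures may be proxied.
        self._ports = set(registered_ports)

    def register_figure_port(self, port):
        self._ports.add(port)

    def release_figure_port(self, port):
        self._ports.discard(port)

    def authorize(self, path, headers):
        target = resolve_mpl_target(path)
        if target is None:
            return ProxyDecision(False, "not an mpl proxy path")
        host, port = target

        # Check 1: the caller must present the session token (assumed header).
        presented = headers.get("X-Auth-Token", "")
        if not hmac.compare_digest(presented.encode(), self._token.encode()):
            return ProxyDecision(False, "missing or invalid session token")

        # Check 2: the port must be one this server opened for a figure.
        if port not in self._ports:
            return ProxyDecision(False, f"port {port} not registered for a figure")

        return ProxyDecision(True, f"proxy to {host}:{port}")


if __name__ == "__main__":
    proxy = HardenedMplProxy("constructed-session-token", {8888})
    print(proxy.authorize("/mpl/8888/", {"X-Auth-Token": "constructed-session-token"}))
    print(proxy.authorize("/mpl/631/", {"X-Auth-Token": "constructed-session-token"}))
    print(proxy.authorize("/mpl/8888/", {}))
```

Ordering the checks this way matters: the authentication failure is reported before the port check, so an unauthenticated caller cannot use the error message to learn which ports are registered.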
Source: This report was generated using AI