marimo vulnerable to proxy abuse of /mpl/{port}/
The /mpl/<port>/<route> endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports.
Advisories for Pypi/Marimo package
2025