OS command injection in mcp-remote when connecting to untrusted MCP servers
[0.0.5, 0.1.15]
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers, due to crafted input from the authorization_endpoint response URL.
The vulnerability can be triggered by a malicious MCP server that provides the following authorization_endpoint URL:
file:/c:/windows/system32/calc.exe
No mitigations are supplied for this issue.
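
The advisory lists no mitigation. The following added example (not code from mcp-remote or from this advisory) shows a scheme check a client could apply to a server-supplied authorization_endpoint value before acting on it. The function name checkAuthorizationEndpoint, the loopback exception and the allowlist policy are assumptions.

```javascript
// Added example: scheme allowlist for an OAuth authorization_endpoint value
// received from an MCP server. Names and policy are assumptions, not mcp-remote code.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

function checkAuthorizationEndpoint(value) {
  if (typeof value !== "string" || value.length === 0) {
    return { ok: false, reason: "missing or non-string value" };
  }
  // Reject whitespace and control characters instead of letting the parser strip them.
  if (/[\u0000-\u0020\u007f]/.test(value)) {
    return { ok: false, reason: "whitespace or control character" };
  }
  let url;
  try {
    url = new URL(value); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  const loopbackHttp = url.protocol === "http:" && LOOPBACK_HOSTS.has(url.hostname);
  if (url.protocol !== "https:" && !loopbackHttp) {
    return { ok: false, reason: `scheme or host not allowed (${url.protocol})` };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "embedded credentials" };
  }
  // Hand on the parser's serialization, never the raw server-supplied string.
  return { ok: true, url: url.href };
}

// Constructed sample values; the first is the URL quoted in the advisory.
const samples = [
  "file:/c:/windows/system32/calc.exe",
  "https://auth.example.test/authorize",
  "http://127.0.0.1:8080/authorize",
  "http://auth.example.test/authorize",
  "/authorize",
];
for (const s of samples) {
  const r = checkAuthorizationEndpoint(s);
  console.log(r.ok ? "ALLOW " : "REJECT", s, r.ok ? "" : `(${r.reason})`);
}
```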