Soumettre #631697: mcp-cli 1.13.0 OS Command Injectioninformation

Titremcp-cli 1.13.0 OS Command Injection
Descriptionmcp-cli is a CLI MCP client. Until its version of v1.13.0, mcp-cli is vulnerable to Remote Code Execution (RCE) when user connects to a malicious remote MCP server in HTTP Streamable mode. Attackers can setup a MCP server with compatable OAuth authorization server endpoints and trick victims into connecting it, leading to OS command execution in vulnerable clients.
La source⚠️ https://gist.github.com/superboy-zjc/a01bd059c4078249d899f8c70c8feb0e
Utilisateur
 Gavin Zhong (UID 84092)
Soumission11/08/2025 05:01 (il y a 9 mois)
Modérer20/08/2025 16:06 (9 days later)
StatutAccepté
Entrée VulDB320804 [wong2 mcp-cli 1.13.0 oAuth /src/oauth/provider.js redirectToAuthorization élévation de privilèges]
Points18

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!