GitHub · CVE-2026-27124
**Name of the Vulnerable Software and Affected Versions**: FastMCP versions prior to 3.2.0
**Description**: FastMCP is susceptible to a confused deputy issue in its GitHubProvider OAuth integration. The OAuthProxy component does not verify, when it receives an authorization code from GitHub, that the browser completing the callback is the one that consented to the flow. Combined with GitHub's behaviour of skipping the consent page for an application the user has already authorized, this lets an attacker obtain access to a victim's account. The attacker starts an authentication flow against the proxy with a client they control, captures the GitHub authorization URL (which carries the `state` minted for the attacker's transaction), and lures a victim who is logged in to GitHub and has previously authorized the application into opening it. Because no consent page is shown, GitHub redirects the victim's browser to the proxy callback with a valid authorization code for the victim's account; the proxy matches that callback to the attacker's pending transaction and redirects the victim's browser on to the attacker's client with the code. The attacker can then exchange the code for an access token to the benign MCP server, tied to the victim's GitHub account. The `state` parameter does not prevent this: it was created for the attacker's transaction and is carried in the URL the attacker hands to the victim, so it matches. The vulnerable component is the `OAuthProxy._handle_idp_callback` function. The root cause is that the OAuthProxy callback handler does not verify that the browser issuing the callback request is the same one that started the transaction and provided consent.
**Recommendations**: Update to FastMCP version 3.2.0 or later.