PT-2025-34167 · Mcp-Cli · Mcp-Cli

Gavin Zhong · Published 2025-08-20 · Updated 2025-08-21 · CVE-2025-9262

CVSS v3.1: 5.6
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

wong2 mcp-cli version 1.13.0

Description:

A flaw has been identified in the `redirectToAuthorization` function of the OAuth handler component, specifically in the file `/src/oauth/provider.js`. Manipulation of this function results in OS command injection, potentially allowing remote execution of commands. The attack is considered to have high complexity and is reportedly difficult to exploit. An exploit has been published and may be utilized. The vendor was contacted regarding this disclosure but did not respond.

Recommendations:

Update to a version that includes commit 3562966 or later. As a temporary workaround, consider disabling the `redirectToAuthorization` function until a patched version is available.

Weakness Enumeration:

OS Command Injection
Command Injection

Related Identifiers:

CVE-2025-9262
GHSA-P6RM-483J-37JF

Affected Products:

Mcp-Cli