npm package
mcp-remote
pkg:npm/mcp-remote
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6514 | Cri | 9.6 | >= 0.0.5, < 0.1.16 | 0.1.16 | Jul 9, 2025 | mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL |
- affected >= 0.0.5, < 0.1.16fixed 0.1.16
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL