VYPR

npm package

mcp-remote

pkg:npm/mcp-remote

Vulnerabilities (1)

  • CVE-2025-6514CriJul 9, 2025
    affected >= 0.0.5, < 0.1.16fixed 0.1.16

    mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL