8 matches found
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14204
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection
A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...
CVE-2025-14204
Summary of CVE-2025-14204 : TykoDev cherry-studio-TykoFork 0.1 is affected by an OS command injection in the OAuth Server Discovery flow. The vulnerability resides in the function redirectToAuthorization of the file /.well-known/oauth-authorization-server, where improper handling of the authoriza...
CVE-2025-10619
A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...
CVE-2025-10619 sequa-ai sequa-mcp OAuth Server Discovery node-oauth-client-provider.ts redirectToAuthorization os command injection
A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the...
Sequa MCP 操作系统命令注入漏洞
Sequa MCP is an open source MCP protocol entry point for sequa.ai. Sequa MCP 1.0.13 and earlier versions have an operating system command injection vulnerability that originates from the redirectToAuthorization function in the src/helpers/node-oauth-client-provider.ts file in the OAuth Server...
PT-2025-38278
Name of the Vulnerable Software and Affected Versions: sequa-ai sequa-mcp versions prior to 1.0.14 Description: A vulnerability exists in the redirectToAuthorization function within the OAuth Server Discovery component, specifically in the file src/helpers/node-oauth-client-provider.ts...