GHSA-6XPM-GGF7-WC3P mcp-remote exposed to OS command injection via untrusted MCP server connections
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorizationendpoint response URL...