GHSA-9pw5-wx67-q964

Source

https://github.com/advisories/GHSA-9pw5-wx67-q964

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-9pw5-wx67-q964/GHSA-9pw5-wx67-q964.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9pw5-wx67-q964

Aliases

CVE-2025-10619

Published

2025-09-17T21:30:43Z

Modified

2025-09-18T20:57:19.739419Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

@sequa-ai/sequa-mcp has Command Injection vulnerability

Details

A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 1.0.14 is able to mitigate this issue. The patch is named e569815854166db5f71c2e722408f8957fb9e804. It is recommended to upgrade the affected component. The vendor explains: "We only promote that mcp server with our own URLs that have a valid response, but yes if someone would use it with a non sequa url, this is a valid attack vector. We have released a new version (1.0.14) that fixes this and validates that only URLs can be opened."

Database specific

{
    "nvd_published_at": "2025-09-17T21:15:37Z",
    "severity": "LOW",
    "cwe_ids": [
        "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-18T19:54:57Z"
}

References

Affected packages

npm / @sequa-ai/sequa-mcp

Package

Name: @sequa-ai/sequa-mcp; View open source insights on deps.dev
Purl: pkg:npm/%40sequa-ai/sequa-mcp

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.14