Sequa-AI Sequa-MCP OS Command Injection Vulnerability in OAuth Server Discovery Component

Vulnerability

A critical OS command injection vulnerability has been identified in Sequa-AI Sequa-MCP versions up to and including 1.0.13. The flaw lies in the OAuth Server Discovery component, specifically in the 'redirectToAuthorization' function of 'src/helpers/node-oauth-client-provider.ts'. Because the authorization endpoint URL obtained from the OAuth server is opened without validation, a remote attacker who controls or impersonates that server can inject commands that are executed on the host running Sequa-MCP.

Impact

Successful exploitation gives the attacker arbitrary OS command execution on the host machine of the Sequa-MCP client, with the privileges of the user running Sequa-MCP.

Reproduction

To reproduce this vulnerability, run Sequa-MCP version 1.0.13 or earlier and configure it to connect to an OAuth server under the tester's control that returns an authorization endpoint URL during discovery. When the client receives that URL, 'redirectToAuthorization' passes it directly to the open function without validating it. An attacker-controlled server can therefore return an authorization URL that carries a command payload, and that payload is executed on the client's host when the application attempts to open the URL.

Remediation

Upgrade to Sequa-MCP version 1.0.14, which includes a patch that validates authorization URLs before they are opened. The patched version is available from the project's GitHub repository. Until the upgrade is applied, Sequa-MCP should only be pointed at OAuth servers that are trusted and reached over a trusted channel, since the malicious URL originates from the server's discovery response.
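The Reproduction and Remediation sections above describe the same two patterns: a URL taken from a discovery response is handed to a launcher as-is, and the fix is to validate it first. The block below is an added illustrative example, not code from Sequa-MCP and not its actual patch; the function names (validateAuthorizationUrl, buildUnsafeShellCommand, buildBrowserLaunchArgv, openAuthorizationUrl) and the per-platform launcher commands are assumptions made for this example. It shows an allowlist check on the URL (parseable, http/https only, no whitespace, quotes or control characters), the unsafe shell-string pattern for contrast, and a launcher that passes the URL as a single argv element so no shell ever parses it.

```typescript
// Added illustrative example; not Sequa-MCP's code or its patch. All
// function names and launcher commands below are assumptions for this example.
import { execFile } from "node:child_process";

// Only web URLs may reach the browser launcher. Anything else (file:, a
// bare executable path, a custom scheme) is refused before it is interpreted.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

/**
 * Returns the serialised URL if it is safe to hand to a browser launcher,
 * or null if it must be rejected. A discovery response is attacker-controlled
 * input, so this is an allowlist, not a blocklist of known payloads.
 */
export function validateAuthorizationUrl(raw: string): string | null {
  let parsed: URL;
  try {
    parsed = new URL(raw); // WHATWG parser: throws on strings that are not URLs at all
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  // A correctly serialised URL never contains whitespace, quotes or control
  // characters. Their presence means the server is trying to smuggle extra
  // tokens past the launcher, so refuse the URL rather than "repair" it.
  if (/[\s"'`\u0000-\u001f]/.test(raw)) return null;
  return parsed.href;
}

/**
 * The unsafe pattern: interpolating the URL into a shell command string.
 * When such a string is given to exec(), a double quote inside the URL ends
 * the quoted argument and the remainder is parsed as further shell commands.
 */
export function buildUnsafeShellCommand(url: string): string {
  return `xdg-open "${url}"`;
}

/**
 * The safe pattern: the URL is one argv element, so the shell never sees it.
 * The launcher names per platform are assumptions for this example.
 */
export function buildBrowserLaunchArgv(platform: string, url: string): string[] {
  switch (platform) {
    case "darwin":
      return ["open", url];
    case "linux":
      return ["xdg-open", url];
    default:
      throw new Error(`no launcher configured for platform ${platform}`);
  }
}

/** Validate first, then launch without a shell (execFile, not exec). */
export function openAuthorizationUrl(raw: string): Promise<void> {
  const url = validateAuthorizationUrl(raw);
  if (url === null) {
    return Promise.reject(
      new Error("refusing to open non-http(s) or malformed authorization URL"),
    );
  }
  const [cmd, ...args] = buildBrowserLaunchArgv(process.platform, url);
  return new Promise((resolve, reject) => {
    execFile(cmd, args, (err) => (err ? reject(err) : resolve()));
  });
}

// Constructed sample inputs: a legitimate authorization URL, a file: URL
// pointing at an executable, and a URL that tries to break out of a quoted
// shell argument. Nothing here launches a process.
export const SAMPLE_GOOD_URL =
  "https://auth.example.com/authorize?client_id=abc&redirect_uri=http%3A%2F%2Flocalhost%3A3334%2Fcallback&response_type=code";
export const SAMPLE_FILE_URL = "file:///C:/Windows/System32/calc.exe";
export const SAMPLE_INJECTED_URL = 'https://auth.example.com/authorize?state=1" & calc.exe & "';
```

Note that the check deliberately does not reject `&`: it is a normal query-string separator in every OAuth authorization URL, which is exactly why quoting-based escaping in a shell string is the wrong defence and an argv-based launch is the right one.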

Added: Sep 17, 2025, 9:25 PM
Updated: Sep 17, 2025, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.