LaChatterie Verger Deserialization Vulnerability in OAuth Provider
Vulnerability
A deserialization vulnerability has been identified in LaChatterie Verger versions through 1.2.10. The flaw is in the 'redirectToAuthorization' function in '/src/main/services/mcp/oauth/provider.ts': manipulating its 'URL' argument allows remote exploitation. The vulnerability has been publicly disclosed and is associated with authentication bypass, leading to arbitrary OS command injection on the client's host machine.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected system.
Reproduction
The vulnerability can be reproduced by manipulating the 'URL' argument of the 'redirectToAuthorization' function: a payload embedded in the URL's authentication field is passed to an insecure open function, bypassing validation and executing arbitrary commands on the host machine.
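The check below is an added defensive example, not code from LaChatterie Verger or its fix: it shows one way to validate an OAuth authorization URL before it reaches any OS-level open call. The names checkAuthorizationUrl and ALLOWED_SCHEMES, the host allowlist and the sample URLs are assumptions constructed for illustration.

```typescript
// Added example: hypothetical helper, not the project's own code.
type UrlCheck = { ok: true; href: string } | { ok: false; reason: string };

// Assumption: the authorization endpoint is only ever reached over HTTPS.
const ALLOWED_SCHEMES = new Set(["https:"]);

function checkAuthorizationUrl(raw: string, allowedHosts: string[]): UrlCheck {
  // Reject control characters and spaces before parsing: the WHATWG URL
  // parser silently strips tabs and newlines, which would hide them.
  if (/[\u0000-\u0020\u007f]/.test(raw)) {
    return { ok: false, reason: "control-or-space" };
  }
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme" };
  }
  // The "authentication field" is the userinfo part (user:password@host).
  // An authorization redirect has no need for it, so refuse it outright.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  // Compare the parsed hostname, never a substring of the raw string.
  if (!allowedHosts.includes(url.hostname)) {
    return { ok: false, reason: "host" };
  }
  // Return the parser's normalized form; the caller should pass it to the
  // opener as a single argument, never interpolated into a shell string.
  return { ok: true, href: url.href };
}

// Constructed sample inputs, checked against a one-entry allowlist.
const sampleHosts = ["idp.example"];
for (const raw of [
  "https://idp.example/authorize?client_id=abc",
  "https://user:secret@idp.example/authorize",
  "https://idp.example@other.example/authorize",
  "file:///etc/hosts",
]) {
  console.log(raw, "->", JSON.stringify(checkAuthorizationUrl(raw, sampleHosts)));
}
```

The third sample shows why the userinfo check precedes the host check: the text before '@' can imitate a trusted host name while the real host is something else.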
