FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page (oauth_callback.py) where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScript execution in the callback server origin. The issue is fixed in version 2.13.0.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XJlowin Fastmcp
APPJlowin< 2.13.0
Powiązane podatności
FastMCP: path traversal i SSRF przez niekodowane parametry ścieżki URL
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the Git...
FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not ...
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containi...
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection...