-
Notifications
You must be signed in to change notification settings - Fork 362
Closed
Labels
help wantedContributions welcome from those familiar with codebase. Comment first to say you're working on itContributions welcome from those familiar with codebase. Comment first to say you're working on it
Milestone
Description
https://verialabs.com/blog/from-mcp-to-shell documents some attacks that arise from trusting the authentication URLs served by MCP servers.
We should fix this along the lines of modelcontextprotocol/typescript-sdk#877, by preventing certain URL schemes.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
help wantedContributions welcome from those familiar with codebase. Comment first to say you're working on itContributions welcome from those familiar with codebase. Comment first to say you're working on it