ebay-mcp@1.6.2 vulnerabilities

Local MCP server for eBay APIs - provides access to eBay developer functionality through MCP (Model Context Protocol)

Direct Vulnerabilities

Known vulnerabilities in the ebay-mcp package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version

CRLF Injection (severity: H)

ebay-mcp is a local MCP server for eBay APIs that provides access to eBay developer functionality through the Model Context Protocol (MCP).

Affected versions of this package are vulnerable to CRLF Injection via the updateEnvFile() function of the ebay_set_user_tokens tool. An attacker can inject arbitrary environment variables into the configuration file by supplying values containing newlines or quotes, potentially overwriting critical settings, hijacking OAuth flows, causing denial of service, or enabling remote code execution in certain environments.

How to fix CRLF Injection?

A fix was pushed into the master branch but not yet published.
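
The injection described above and the validation that blocks it, as an added example that is not ebay-mcp's own code. `naiveUpdateEnv`, `safeUpdateEnv` and `parseEnv` are hypothetical stand-ins for an env-file writer and reader, and the key names and values are constructed.

```javascript
// Added example: hypothetical .env writers, not ebay-mcp's updateEnvFile().
// Key names and sample values below are constructed for illustration.

// Minimal KEY=value parser; on duplicate keys the last assignment wins.
function parseEnv(content) {
  const env = {};
  for (const line of content.split(/\r?\n/)) {
    const m = /^([A-Za-z_][A-Za-z0-9_]*)=(.*)$/.exec(line);
    if (m) env[m[1]] = m[2].replace(/^"(.*)"$/, "$1");
  }
  return env;
}

// Unsafe pattern: the value is interpolated into the file without validation.
function naiveUpdateEnv(content, updates) {
  const lines = content.split(/\r?\n/).filter((l) => l !== "");
  for (const [key, value] of Object.entries(updates)) {
    const entry = `${key}="${value}"`;
    const i = lines.findIndex((l) => l.startsWith(`${key}=`));
    if (i >= 0) lines[i] = entry; else lines.push(entry);
  }
  return lines.join("\n") + "\n";
}

// Hardened pattern: validate every key and value before anything is written.
function safeUpdateEnv(content, updates) {
  for (const [key, value] of Object.entries(updates)) {
    if (!/^[A-Z_][A-Z0-9_]*$/.test(key)) throw new Error(`invalid key: ${key}`);
    // Reject control characters (CR and LF included), double quotes and backslashes.
    if (typeof value !== "string" || /[\u0000-\u001f\u007f"\\]/.test(value)) {
      throw new Error(`rejected value for ${key}`);
    }
  }
  return naiveUpdateEnv(content, updates);
}

// Constructed input: one "token" that carries a second assignment after CRLF.
const original = 'OTHER_SETTING="expected"\nUSER_ACCESS_TOKEN="old"\n';
const crafted = { USER_ACCESS_TOKEN: 'tok"\r\nOTHER_SETTING="changed' };

function demo() {
  const unsafe = parseEnv(naiveUpdateEnv(original, crafted));
  let blocked = false;
  try { safeUpdateEnv(original, crafted); } catch (e) { blocked = true; }
  const ok = parseEnv(safeUpdateEnv(original, { USER_ACCESS_TOKEN: "v1.abc-DEF_123" }));
  return { unsafe, blocked, ok };
}
```

With the naive writer the unrelated `OTHER_SETTING` key ends up reassigned; the validating writer refuses the whole update before the file content changes.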

Vulnerable version: *