CVE-2025-6514: mcp-remote exposed to OS command injection via untrusted MCP server connections
9.7
Basic Information
Technical Details
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mcp-remote | npm | >= 0.0.5, < 0.1.16 | 0.1.16 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
Analysis of the security patch (commit 607b226a356cb61a239ffaba2fb3db1c9dea4bac) shows that the vulnerability lies in the sanitizeUrl function in src/lib/utils.ts. The vulnerability description states that the issue is an OS command injection via crafted input from an authorization_endpoint response. The commit message, "Forcibly escape username/pass for basic auth URLs too," and the code changes point directly to missing sanitization of the username and password parts of a URL. The patch applies encodeURIComponent to these fields, which fixes the vulnerability. sanitizeUrl is therefore identified as the vulnerable function: before the patch, it would process a malicious URL without escaping characters that the shell could interpret, leading to command execution. A runtime profiler would show this function being called when the application processes the malicious authorization_endpoint URL, making it a key indicator for detecting exploitation of this CVE.
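The effect of escaping the username and password fields, shown as an added example in plain JavaScript; this is not mcp-remote's code. The function names and the sample URL are hypothetical, and only the encodeURIComponent step follows the patch as described above.

```javascript
// Added example, not mcp-remote's code. Names and sample URL are constructed.
const ALLOWED_PROTOCOLS = new Set(['https:', 'http:']);

// Parse the value and reject anything that is not an http(s) URL.
function parseHttpUrl(raw) {
  const url = new URL(raw); // throws TypeError on malformed input
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    throw new Error(`unsupported protocol: ${url.protocol}`);
  }
  return url;
}

// Illustrative "before" shape: userinfo is returned as the parser left it.
// The WHATWG URL parser does not percent-encode characters such as $ and &
// in the username and password.
function sanitizeWithoutUserinfoEscape(raw) {
  return parseHttpUrl(raw).href;
}

// "After" shape: username and password are forcibly percent-encoded.
// Input that is already encoded is encoded again (% becomes %25).
function sanitizeWithUserinfoEscape(raw) {
  const url = parseHttpUrl(raw);
  if (url.username) url.username = encodeURIComponent(url.username);
  if (url.password) url.password = encodeURIComponent(url.password);
  return url.href;
}

// Detection helper: true when userinfo holds anything other than RFC 3986
// unreserved characters or percent-escapes. Useful for logging an
// authorization_endpoint value received from a remote server.
function hasUnusualUserinfo(raw) {
  const { username, password } = parseHttpUrl(raw);
  return /[^A-Za-z0-9\-._~%]/.test(username + password);
}

// Constructed sample: metacharacters only, no command.
const SAMPLE = 'https://us$er:pa&ss@auth.example.com/authorize?x=1';
console.log(sanitizeWithoutUserinfoEscape(SAMPLE));
console.log(sanitizeWithUserinfoEscape(SAMPLE));
console.log(hasUnusualUserinfo(SAMPLE));
```
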