3 matches found
CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools
@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...
CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools
@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...
CVE-2025-53107
CVE-2025-53107 affects the Serverless/MCP server package used by cyanheads/git-mcp-server. The vulnerability is a command injection in which input parameters are unsafely incorporated into shell commands via child_process.exec, enabling an attacker to inject arbitrary commands and potentially ach...