
15 matches found

Veracode
added 2026/03/02 6:52 p.m., 1 view

Directory Traversal

mcp-server-git is vulnerable to Directory Traversal. The vulnerability is due to the git_init tool accepting arbitrary filesystem paths and creating Git repositories without validating the target location, where an attacker can exploit this to create repositories at arbitrary locations, and...

CVSS 8.8, AI score 6.1, EPSS 0.00034
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2026/02/27 4:13 a.m., 3 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4, AI score 5.4, EPSS 0.00039
Exploits 0, References 1

OSV
added 2026/02/26 3:16 p.m., 4 views

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

CVSS 6.4, AI score 5.6, EPSS 0.00039
Exploits 0, References 5

NVD
added 2025/12/17 11:16 p.m., 4 views

CVE-2025-68144

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 7.1, EPSS 0.00015
Exploits 0, References 1

EUVD
added 2025/12/17 10:50 p.m., 1 view

EUVD-2025-204002

mcp-server-git has missing path validation when using --repository flag...

CVSS 6.4, AI score 6.4, EPSS 0.00177
Exploits 0, References 2

Github Security Blog
added 2025/12/17 10:50 p.m., 4 views

mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVSS 9.1, AI score 6.6, EPSS 0.00177
Exploits 0, References 3, Affected Software 1

Snyk
added 2025/12/17 10:50 p.m., 2 views

Arbitrary Argument Injection

Overview: mcp-server-git is a Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the git_diff and git_checkout functions. An attacker can...

CVSS 8.2, AI score 6.8, EPSS 0.00015
Exploits 0, References 2

Github Security Blog
added 2025/12/17 10:50 p.m., 8 views

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 7.1, AI score 7.3, EPSS 0.00015
Exploits 0, References 3, Affected Software 1

EUVD
added 2025/12/17 10:50 p.m., 1 view

EUVD-2025-204003

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files...

CVSS 6.3, AI score 6.4, EPSS 0.00015
Exploits 0, References 2

OSV
added 2025/12/17 10:12 p.m., 8 views

CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVSS 6.4, AI score 5.8, EPSS 0.00177
Exploits 0, References 3

CVE
added 2025/12/17 10:12 p.m., 6 views

CVE-2025-68145

CVE-2025-68145 affects mcp-server-git. Prior to 2025.12.17, when started with --repository to constrain to a single repo, the server did not validate that repo_path arguments in subsequent tool calls stayed within the configured path, potentially allowing operations on other repositories accessib...

CVSS 9.1, AI score 6.3, EPSS 0.00177
Exploits 0, References 1, Affected Software 1

CVE
added 2025/12/17 10:10 p.m., 10 views

CVE-2025-68144

CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...

CVSS 7.1, AI score 6.9, EPSS 0.00015
Exploits 0, References 1, Affected Software 1

OSV
added 2025/12/17 10:10 p.m., 1 view

CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS 6.3, AI score 5.9, EPSS 0.00015
Exploits 0, References 3

CVE
added 2025/12/17 10:9 p.m., 10 views

CVE-2025-68143

The CVE-2025-68143 issue affects mcp-server-git: prior to 2025.9.25, the git_init tool accepts arbitrary filesystem paths and can create Git repositories without validating the target location. This means the server could operate on any directory accessible to the process, enabling repository cre...

CVSS 8.8, AI score 6.5, EPSS 0.00034
Exploits 0, References 2, Affected Software 1

OSV
added 2025/12/17 7:49 p.m., 4 views

GHSA-5CGR-J3JF-JW3V mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server proces...

CVSS 6.5, AI score 6.8, EPSS 0.00034
Exploits 0, References 4