4 matches found
CVE-2026-6980
CVE-2026-6980 concerns Divyanshu-hash GitPilot-MCP (up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd). The issue affects the repo_path function in main.py, where manipulation of the argument can lead to command injection. Exploitation is described as remote and is publicly disclosed. The descriptio...
CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-6980 Divyanshu-hash GitPilot-MCP main.py repo_path command injection
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repopath of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...
GitPilot MCP 注入漏洞
GitPilot MCP is an automated GitHub contribution intelligent proxy tool developed by Divyanshu Giri. The GitPilot MCP 9ed9f153ba4158a2ad230ee4871b25130da29ffd version previously had a injection vulnerability. This vulnerability stemmed from improper handling of the command parameter in the repopa...