2 matches found
CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...
CVE-2025-68145
The CVE-2025-68145 issue affects mcp-server-git when started with the --repository flag. The root cause is missing validation of repo_path in subsequent tool calls, allowing operations on repositories outside the configured path. The fix adds path validation that resolves both the configured repo...