Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.4AI score0.00287EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 3:16 p.m.7 views

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.4CVSS5.6AI score0.00287EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/26 3:16 p.m.42 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22055

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2026.1.14 Description The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References13
Rows per page
Query Builder