Git Mcp Server
Local command injection in sigmade Git-MCP-Server's merge diff functions allows authenticated local attackers to execute arbitrary OS commands through unsanitized input passed to child_process.exec in src/gitUtils.ts. Public exploit code exists for this vulnerability, increasing the risk of active abuse. A patch is available and should be applied immediately, as the vendor has not responded to early disclosure notifications.
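The bug class described above, and one way to close it, as an added example that is not code from Git-MCP-Server or its patch. The function names, the `git diff target...source` invocation and the ref allowlist are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not code from Git-MCP-Server.

// Conservative allowlist for branch/tag/commit names: must start with an
// alphanumeric (so it can never be parsed as a git option) and may contain
// only characters that have no meaning to a shell.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,199}$/;

function isSafeRef(ref) {
  return typeof ref === 'string' && SAFE_REF.test(ref) && !ref.includes('..');
}

// Vulnerable pattern (for contrast only, never executed here): the whole
// string is handed to a shell, so metacharacters in a ref are interpreted.
//   exec(`git diff ${target}...${source}`, { cwd: repoPath }, cb);

// Hardened pattern: build an argv array. Each element reaches git as one
// argument and no shell ever parses it.
function buildMergeDiffArgs(source, target) {
  for (const ref of [source, target]) {
    if (!isSafeRef(ref)) {
      throw new Error(`rejected ref name: ${JSON.stringify(ref)}`);
    }
  }
  // Trailing "--" marks the end of revisions, so nothing is read as a path.
  return ['diff', `${target}...${source}`, '--'];
}

async function runMergeDiff(repoPath, source, target) {
  const args = buildMergeDiffArgs(source, target); // validate before spawning
  // Dynamic import keeps this snippet loadable as CommonJS or ESM.
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    // execFile runs the binary directly (shell: false by default).
    execFile('git', args, { cwd: repoPath, maxBuffer: 16 * 1024 * 1024 },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```

Replacing `exec` with `execFile` and an argument array is the primary fix; the allowlist is defense in depth and also blocks refs that git would read as options.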