Model Context Protocol Servers
Path traversal in mcp-server-git prior to version 2025.12.17 allows unauthenticated remote attackers to access repositories outside the configured repository restriction via unvalidated repo_path arguments in tool calls. When the server is started with the --repository flag to isolate operations to a specific path, it does not verify that the repo_path supplied in subsequent tool calls stays within that allowed directory, so other repositories on the same system become reachable. An attacker with network access and user interaction (UI:P) can exploit this to read or modify git repositories beyond the intended scope.
Arbitrary file overwrite in mcp-server-git prior to version 2025.12.17 allows unauthenticated remote attackers with user interaction to overwrite files via unsanitized command-line arguments passed to git CLI functions. The vulnerability affects git_diff and git_checkout operations where flag-like values (e.g., --output=/path/to/file) are interpreted as git options rather than validated references, enabling attackers to redirect output to arbitrary filesystem locations. CVSS 6.3 reflects high integrity impact with low availability impact; EPSS signal and active exploitation status not independently confirmed at analysis time.
Unvalidated path handling in mcp-server-git versions before 2025.9.25 allows remote attackers to create Git repositories in arbitrary filesystem locations accessible to the server process via the git_init tool, potentially enabling subsequent malicious git operations on unintended directories. The git_init tool was completely removed in the patched version since the server is designed to operate only on existing repositories. No active exploitation has been confirmed, but the vulnerability carries a moderate CVSS score of 6.5 with network accessibility and high scope impact.
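The first two entries describe the same two input-validation gaps from the defender's side: a repo_path that is never checked against the --repository root, and ref or path arguments that git parses as options when they begin with a dash. The block below is an added example, not code from mcp-server-git or from the advisories; the function names, the two-repository temporary layout and the sample values are constructed for illustration. It canonicalises the path (resolving symlinks and `..`) before comparing it with the allowed root, rejects flag-like values before they reach git, and places a `--` separator in the argv so that whatever follows can never be read as an option.

```python
"""Defensive argument checks for a git-backed tool server (constructed example)."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Sequence


def resolve_within_root(repo_path: str, allowed_root: Optional[str]) -> Path:
    """Canonicalise repo_path and require it to be allowed_root or a descendant of it.

    Symlinks and '..' segments are resolved *before* the comparison, so a lexical
    check on the raw string is never trusted. allowed_root=None models a server
    started without --repository, i.e. no restriction configured.
    """
    candidate = Path(os.path.realpath(repo_path))
    if allowed_root is None:
        return candidate
    root = Path(os.path.realpath(allowed_root))
    # Compare path components, not string prefixes: "/srv/repo2" must not pass for "/srv/repo".
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"{repo_path!r} resolves outside the allowed repository {root}")
    return candidate


def is_flag_like(value: str) -> bool:
    """True when git's option parser would treat value as an option (e.g. --output=...)."""
    return value == "" or value.startswith("-")


def require_ref(value: str) -> str:
    """Reject values that git would parse as an option or that carry control characters."""
    if is_flag_like(value):
        raise ValueError(f"refusing flag-like argument {value!r}")
    if "\0" in value or "\n" in value:
        raise ValueError("control characters are not allowed in a git argument")
    return value


def build_diff_argv(target: str, paths: Sequence[str] = ()) -> List[str]:
    """argv for `git diff <target> -- <paths>`: the '--' ends option parsing for the paths."""
    argv = ["git", "diff", require_ref(target), "--"]
    argv.extend(require_ref(p) for p in paths)
    return argv


def build_checkout_argv(branch: str) -> List[str]:
    """argv for `git checkout <branch> --`: the trailing '--' forces git to read the
    argument as a tree-ish rather than as an option or a pathspec."""
    return ["git", "checkout", require_ref(branch), "--"]


def demo_layout() -> Dict[str, object]:
    """Build a constructed two-repository layout in a temp dir and exercise the root check.

    Assumes a POSIX filesystem (symlink creation without special privileges).
    """
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed-repo")
        other = os.path.join(tmp, "other-repo")
        os.makedirs(os.path.join(allowed, ".git"))
        os.makedirs(os.path.join(other, ".git"))
        # A symlink inside the allowed repository that points at the sibling repository.
        os.symlink(other, os.path.join(allowed, "escape"))

        results: Dict[str, object] = {}
        results["same"] = resolve_within_root(allowed, allowed) == Path(os.path.realpath(allowed))
        results["subdir"] = resolve_within_root(os.path.join(allowed, ".git"), allowed).name == ".git"
        escapes = {
            "dotdot": os.path.join(allowed, "..", "other-repo"),   # traversal via '..'
            "symlink": os.path.join(allowed, "escape"),            # traversal via symlink
            "sibling": other,                                      # absolute path elsewhere
            "prefix": os.path.join(tmp, "allowed-repo2"),          # defeats naive startswith()
        }
        for name, path in escapes.items():
            try:
                resolve_within_root(path, allowed)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo_layout())
    print(build_diff_argv("HEAD~1", ["src/app.py"]))
    print(build_checkout_argv("main"))
```

The check is deliberately done on canonicalised `Path` components rather than on the raw string, because both `..` segments and symlinks defeat a prefix comparison, and a sibling directory whose name merely starts with the allowed root would pass a `startswith` test. The `--` separator is the documented git mechanism for ending option parsing, which is why it belongs in the argv rather than relying on validation alone.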