
"Mcp-server-git is a Python package and an MCP server that provides a set of built-in tools to read, search, and manipulate Git repositories programmatically via large language models (LLMs). The security issues, which have been addressed in versions 2025.9.25 and 2025.12.18 following responsible disclosure in June 2025, are listed below:

- CVE-2025-68143 (CVSS score: 8.8 [v3] / 6.5 [v4]) - A path traversal vulnerability arising as a result of the git_init tool accepting arbitrary file system paths during repository creation without validation (Fixed in version 2025.9.25)
- CVE-2025-68144 (CVSS score: 8.1 [v3] / 6.4 [v4]) - An argument injection vulnerability arising as a result of git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization (Fixed in version 2025.12.18)
- CVE-2025-68145 (CVSS score: 7.1 [v3] / 6.3 [v4]) - A path traversal vulnerability arising as a result of a missing path validation when using the --repository flag to limit operations to a specific repository path (Fixed in version 2025.12.18)"
Three vulnerabilities in mcp-server-git allow an attacker who can influence an AI assistant's inputs (for example through prompt injection) to perform file-system and Git operations on the host. The issues are two path traversal flaws and one argument injection flaw: repositories can be created at arbitrary paths, unsanitized arguments reach git CLI commands, and the repository path restriction can be bypassed. Fixed versions are 2025.9.25 and 2025.12.18, following responsible disclosure in June 2025. Successful exploitation can convert any directory into a Git repository, overwrite files with empty diffs, and access any repository on the server. Systems using affected releases should upgrade promptly.
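The fixes described above amount to two checks: confining every path the model supplies to the configured repository root, and keeping model-supplied values from being parsed as git options. The following Python is an added illustration of both, not mcp-server-git's own code; the helper names are hypothetical and the root /srv/repos/project is a constructed example.

```python
from pathlib import Path


class UnsafeArgument(ValueError):
    """Raised when model-supplied input would escape the repo root or act as a git flag."""


def resolve_within_root(root: str, requested: str) -> Path:
    """Resolve `requested` under `root` and refuse anything that escapes it.

    resolve() collapses '..' components and symlinks before the comparison,
    so 'sub/../../x' and an absolute path are both rejected. This is the kind
    of check the advisory says was missing for the --repository restriction.
    """
    root_path = Path(root).resolve()
    candidate = (root_path / requested).resolve()
    try:
        candidate.relative_to(root_path)
    except ValueError:
        raise UnsafeArgument(f"path escapes repository root: {requested!r}") from None
    return candidate


def safe_ref(value: str) -> str:
    """Reject option-looking values so a ref can never be parsed as a git flag."""
    if not value or value.startswith("-"):
        raise UnsafeArgument(f"refusing option-like argument: {value!r}")
    return value


def build_git_command(root: str, subcommand: str, refs, paths) -> list:
    """Compose argv for git with a fixed root, checked refs, and '--' before paths.

    Refs (branches, commits) go before '--' and paths after it, so neither can
    be read as an option regardless of what the model supplied. Paths are
    re-expressed relative to the root after the containment check.
    """
    root_path = Path(root).resolve()
    rel_paths = [
        str(resolve_within_root(root, p).relative_to(root_path)) for p in paths
    ]
    return ["git", "-C", str(root_path), subcommand, *map(safe_ref, refs), "--", *rel_paths]
```

Pass the returned list to subprocess.run without shell=True; the containment check must run on the resolved path, never on the raw string.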
Read at The Hacker News