إرسال #773796: sigmade Git-MCP-Server <=1.0.0 Command Injectionالمعلومات

عنوانsigmade Git-MCP-Server <=1.0.0 Command Injection
الوصفA command injection vulnerability exists in Git-MCP-Server due to unsafe use of child_process.exec when constructing Git commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. The following MCP tools construct command strings using user-supplied parameters and execute them via child_process.exec:  show_merge_diff: interpolates fromBranch and toBranch parameters  quick_merge_summary: interpolates branch parameter  show_file_diff: interpolates filename, fromBranch, and toBranch parameters Because exec invokes commands through a system shell, specially crafted input containing shell metacharacters (such as `;`, `&`, or `|`) may be interpreted as additional commands rather than treated as data. For example, an attacker could supply a malicious value in fromBranch to inject arbitrary shell commands, which would then be executed with the privileges of the MCP server process. The vulnerability results from shell-based command execution combined with direct interpolation of untrusted input. In MCP environments, LLM-generated tool parameters influenced by external content may trigger execution of injected commands without direct local user interaction. Vulnerable lines of code (show_merge_diff): (Command construction with user input): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/gitUtils.ts#L36-L39 (Parameter definition without validation): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/index.ts#L28-L50 (Unsafe execSync() call): https://github.com/sigmade/Git-MCP-Server/blob/master/src/gitUtils.t s#L14-L16
المصدر⚠️ https://github.com/sigmade/Git-MCP-Server/issues/1
المستخدم
 Yinci Chen (UID 94659)
ارسال06/03/2026 08:10 AM (3 أشهر منذ)
الاعتدال20/03/2026 10:16 AM (14 days later)
الحالةتمت الموافقة
إدخال VulDB352045 [sigmade Git-MCP-Server حتى 785aa159f262a02d5791a5d8a8e13c507ac42880 src/gitUtils.ts child_process.exec تجاوز الصلاحيات]
النقاط20

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!