Soumettre #773796: sigmade Git-MCP-Server <=1.0.0 Command Injectioninformation

Titresigmade Git-MCP-Server <=1.0.0 Command Injection
DescriptionA command injection vulnerability exists in Git-MCP-Server due to unsafe use of child_process.exec when constructing Git commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. The following MCP tools construct command strings using user-supplied parameters and execute them via child_process.exec:  show_merge_diff: interpolates fromBranch and toBranch parameters  quick_merge_summary: interpolates branch parameter  show_file_diff: interpolates filename, fromBranch, and toBranch parameters Because exec invokes commands through a system shell, specially crafted input containing shell metacharacters (such as `;`, `&`, or `|`) may be interpreted as additional commands rather than treated as data. For example, an attacker could supply a malicious value in fromBranch to inject arbitrary shell commands, which would then be executed with the privileges of the MCP server process. The vulnerability results from shell-based command execution combined with direct interpolation of untrusted input. In MCP environments, LLM-generated tool parameters influenced by external content may trigger execution of injected commands without direct local user interaction. Vulnerable lines of code (show_merge_diff): (Command construction with user input): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/gitUtils.ts#L36-L39 (Parameter definition without validation): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/index.ts#L28-L50 (Unsafe execSync() call): https://github.com/sigmade/Git-MCP-Server/blob/master/src/gitUtils.t s#L14-L16
La source⚠️ https://github.com/sigmade/Git-MCP-Server/issues/1
Utilisateur
 Yinci Chen (UID 94659)
Soumission06/03/2026 08:10 (il y a 3 mois)
Modérer20/03/2026 10:16 (14 days later)
StatutAccepté
Entrée VulDB352045 [sigmade Git-MCP-Server src/gitUtils.ts child_process.exec élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!