提出 #773796: sigmade Git-MCP-Server <=1.0.0 Command Injection情報

タイトル	sigmade Git-MCP-Server <=1.0.0 Command Injection
説明	A command injection vulnerability exists in Git-MCP-Server due to unsafe use of child_process.exec when constructing Git commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. The following MCP tools construct command strings using user-supplied parameters and execute them via child_process.exec:  show_merge_diff: interpolates fromBranch and toBranch parameters  quick_merge_summary: interpolates branch parameter  show_file_diff: interpolates filename, fromBranch, and toBranch parameters Because exec invokes commands through a system shell, specially crafted input containing shell metacharacters (such as `;`, `&`, or `\|`) may be interpreted as additional commands rather than treated as data. For example, an attacker could supply a malicious value in fromBranch to inject arbitrary shell commands, which would then be executed with the privileges of the MCP server process. The vulnerability results from shell-based command execution combined with direct interpolation of untrusted input. In MCP environments, LLM-generated tool parameters influenced by external content may trigger execution of injected commands without direct local user interaction. Vulnerable lines of code (show_merge_diff): (Command construction with user input): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/gitUtils.ts#L36-L39 (Parameter definition without validation): https://github.com/sigmade/Git-MCP-Server/blob/ma ster/src/index.ts#L28-L50 (Unsafe execSync() call): https://github.com/sigmade/Git-MCP-Server/blob/master/src/gitUtils.t s#L14-L16
ソース	⚠️ https://github.com/sigmade/Git-MCP-Server/issues/1
ユーザー	Yinci Chen (UID 94659)
送信	2026年03月06日 08:10 (3 月 ago)
モデレーション	2026年03月20日 10:16 (14 days later)
ステータス	承諾済み
VulDBエントリ	352045 [sigmade Git-MCP-Server 迄 785aa159f262a02d5791a5d8a8e13c507ac42880 src/gitUtils.ts child_process.exec 特権昇格]
ポイント	20

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!