Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Vulnerability Description
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Model Context Protocol Servers 路径遍历漏洞
Vulnerability Description
Model Context Protocol Servers是Model Context Protocol开源的一个大模型上下文协议服务器。 Model Context Protocol Servers 2025.9.25之前版本存在路径遍历漏洞,该漏洞源于git_init工具接受任意文件系统路径且未验证目标位置,可能导致在服务器进程可访问的任何目录中创建Git仓库。
CVSS Information
N/A
Vulnerability Type
N/A