CNNVD-202507-080 Information

CNNVD ID

CNNVD-202507-080

CVE-2025-53107

  • CNNVD Published: 2025-07-01

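Description (Chinese, translated)

Git MCP Server is an MCP server by the individual developer Casey Hand. Git MCP Server versions before 2.1.5 contain a command injection vulnerability, which stems from unsanitized input parameters leading to command injection and may result in remote code execution.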

Description (English)

Git MCP Server is an MCP server developed by Casey Hand, an individual developer. Versions of Git MCP Server before 2.1.5 have a command injection vulnerability: input parameters are not sanitized, which allows command injection and could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

Command injection

Affected Vendor

Live Support

Published

2025-07-01

Last Modified

2026-02-24

References

  • https://github.com/cyanheads/git-mcp-server/releases/tag/v2.1.5
  • https://github.com/cyanheads/git-mcp-server/security/advisories/GHSA-3q26-f695-pp76
  • https://github.com/cyanheads/git-mcp-server/commit/0dbd6995ccdf76ab770b58013034365b2d06c4d9
  • https://access.redhat.com/security/cve/cve-2025-53107

Patch

https://github.com/cyanheads/git-mcp-server/tags
