CNNVD-202512-3139 Information

CNNVD ID

CNNVD-202512-3139

CVE-2025-68145

  • CNNVD Published: 2025-12-17

Description (Chinese)

Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Versions of Model Context Protocol Servers prior to 2025.12.17 contain a path traversal vulnerability. The flaw stems from not verifying that the repo_path parameter in subsequent tool calls lies within the configured path, which may allow operations on other repositories accessible to the server process.

Description (English)

Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Versions of Model Context Protocol Servers prior to 2025.12.17 contain a path traversal vulnerability. The flaw stems from not verifying that the repo_path parameter in subsequent tool calls lies within the configured path, which could allow operations on other repositories that the server process can access.
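As an added illustration (not code from the modelcontextprotocol/servers project), the following shows the kind of repo_path check the description says was missing: a naive string-prefix comparison beside a canonicalised containment check. The configured repository roots and the tested paths are constructed for the example.

```python
from __future__ import annotations

from pathlib import Path

# Constructed example configuration: the repository roots an operator allowed.
# (Assumption: the real server's configuration format is not reproduced here.)
ALLOWED_REPOS = [Path("/srv/repos/project-a"), Path("/srv/repos/project-b")]


def weak_prefix_check(requested: str, allowed: list[Path] = ALLOWED_REPOS) -> bool:
    """Naive check: accepts any string that merely starts with a configured root.

    It passes '..' segments and sibling names like '/srv/repos/project-a-evil',
    so it does not actually confine tool calls to the configured repositories.
    """
    return any(requested.startswith(str(root)) for root in allowed)


def resolve_repo_path(requested: str, allowed: list[Path] = ALLOWED_REPOS) -> Path:
    """Canonicalise a tool call's repo_path and require it to sit inside an allowed root.

    Path.resolve() collapses '..' components and follows symlinks before the
    comparison, and the comparison is done on path components (Path.parents),
    so a sibling directory sharing a prefix with a root is rejected.
    """
    candidate = Path(requested).resolve(strict=False)
    for root in allowed:
        root_resolved = root.resolve(strict=False)
        if candidate == root_resolved or root_resolved in candidate.parents:
            return candidate
    raise PermissionError(f"repo_path {requested!r} is outside the configured repositories")


def is_allowed(requested: str, allowed: list[Path] = ALLOWED_REPOS) -> bool:
    """Boolean wrapper around resolve_repo_path() for use at a tool-call boundary."""
    try:
        resolve_repo_path(requested, allowed)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    for path in ("/srv/repos/project-a/src", "/srv/repos/project-a/../project-c"):
        print(path, "weak:", weak_prefix_check(path), "strict:", is_allowed(path))
```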

Hazard Level

High

Vulnerability Type

Path Traversal

Affected Vendor

Model Context Protocol

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-j22h-9j4x-23w5

https://access.redhat.com/security/cve/cve-2025-68145

Patch

https://github.com/modelcontextprotocol/servers/releases
