CNNVD-202512-3140 Information
CNNVD ID
CNNVD-202512-3140
Related CVE
- CNNVD Published: 2025-12-17
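Description (translated from Chinese)
Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Versions of Model Context Protocol Servers before 2025.12.17 contain an argument injection vulnerability. It arises because the git_diff and git_checkout functions pass user-controlled arguments directly to git CLI commands without sanitizing them, which may lead to arbitrary file overwrite.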
Description (English)
Model Context Protocol Servers is the open-source set of servers for the Model Context Protocol, a context protocol for large models. Versions before 2025.12.17 are affected by an argument injection vulnerability: the git_diff and git_checkout functions passed user-controlled arguments directly to the git CLI command without sanitizing them, which could lead to arbitrary file overwrite.
Hazard Level
High
Vulnerability Type
Argument injection
Affected Vendor
Model Context Protocol
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-9xwc-hfwc-8w59
https://access.redhat.com/security/cve/cve-2025-68144
Patch
https://github.com/modelcontextprotocol/servers/releases