CNNVD-202512-3141 Information
CNNVD ID
CNNVD-202512-3141
Related CVE
-
CNNVD Published: 2025-12-17
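Description (translated from Chinese)
Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Versions of Model Context Protocol Servers before 2025.9.25 contain a path traversal vulnerability. The vulnerability stems from the git_init tool accepting arbitrary file system paths without validating the target location, which may allow a Git repository to be created in any directory accessible to the server process.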
Description (English)
Model Context Protocol Servers is an open-source large-model context protocol server from Model Context Protocol. Model Context Protocol Servers before 2025.9.25 has a path traversal vulnerability, which originates from the git_init tool's acceptance of any file system path and its failure to verify the target location. This could lead to the creation of a Git repository in any directory accessible to the server process.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
Model Context Protocol
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-5cgr-j3jf-jw3v
https://github.com/modelcontextprotocol/servers/commit/eac56e7bcde48fb64d5a973924d05d69a7d876e6
https://access.redhat.com/security/cve/cve-2025-68143
Patch
https://github.com/modelcontextprotocol/servers/releases