Publish Advisories

GHSA-9xwc-hfwc-8w59
GHSA-j22h-9j4x-23w5

Author: advisory-database[bot]

advisories/github-reviewed/2025/12/GHSA-9xwc-hfwc-8w59/GHSA-9xwc-hfwc-8w59.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9xwc-hfwc-8w59",
-  "modified": "2025-12-17T22:50:29Z",
+  "modified": "2025-12-20T05:17:54Z",
   "published": "2025-12-17T22:50:29Z",
   "aliases": [
     "CVE-2025-68144"
   ],
   "summary": " mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files",
-  "details": "In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 resolve this issue when it is released.\n\nThank you to https://hackerone.com/yardenporat for reporting.",
+  "details": "In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.18 resolve this issue.\n\nThank you to https://hackerone.com/yardenporat for reporting.",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "2025.11.25"
+              "fixed": "2025.12.18"
             }
           ]
         }
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-9xwc-hfwc-8w59"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68144"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/modelcontextprotocol/servers"
@@ -52,6 +56,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-17T22:50:29Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-17T23:16:04Z"
   }
 }

advisories/github-reviewed/2025/12/GHSA-j22h-9j4x-23w5/GHSA-j22h-9j4x-23w5.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j22h-9j4x-23w5",
-  "modified": "2025-12-17T22:50:38Z",
+  "modified": "2025-12-20T05:18:27Z",
   "published": "2025-12-17T22:50:38Z",
   "aliases": [
     "CVE-2025-68145"
   ],
   "summary": "mcp-server-git has missing path validation when using --repository flag",
-  "details": "In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue.\n\nThank you to https://hackerone.com/yardenporat for reporting.",
+  "details": "In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.18 to remediate this issue.\n\nThank you to https://hackerone.com/yardenporat for reporting.",
   "severity": [
     {
       "type": "CVSS_V4",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "2025.11.25"
+              "fixed": "2025.12.18"
             }
           ]
         }
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-j22h-9j4x-23w5"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68145"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/modelcontextprotocol/servers"
@@ -52,6 +56,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2025-12-17T22:50:38Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2025-12-17T23:16:04Z"
   }
 }