GHSA-5cgr-j3jf-jw3v

Source
https://github.com/advisories/GHSA-5cgr-j3jf-jw3v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-5cgr-j3jf-jw3v/GHSA-5cgr-j3jf-jw3v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5cgr-j3jf-jw3v
Aliases
Published
2025-12-17T19:49:54Z
Modified
2025-12-20T05:26:17.347431Z
Severity
  • 6.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Summary
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Details

In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories at them without validating the target location. Unlike the server's other tools, which require an existing repository, git_init could operate on any directory writable by the server process, and once initialised that directory became eligible for the server's other git operations. The tool has been removed entirely, since the server is intended to operate on existing repositories only. Upgrade to 2025.9.25 or newer to remediate this issue.

Thank you to https://hackerone.com/yardenporat for the disclosure and to @0dd for contributing the fix.
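The following is an added illustration of the control the advisory implies was missing: a tool handler that canonicalises the requested path, confines it to a configured set of repository roots, and refuses to operate on anything that is not already a repository. It is not mcp-server-git's own code (the project's fix was to drop git_init altogether), and the names resolve_within_roots, require_existing_repo, vulnerable_git_init, hardened_open_repo and demo are assumptions. Creating a .git directory stands in for running git init, and all sample directories are constructed in a temporary tree so the script runs offline.

```python
"""Illustration (not mcp-server-git's code) of confining a repository path
to allowed roots and requiring an existing repository, versus the
unrestricted pattern described in GHSA-5cgr-j3jf-jw3v."""
import tempfile
from pathlib import Path


class RepoPathError(ValueError):
    """Raised when a path is outside the allowed roots or not a repository."""


def resolve_within_roots(requested: str, allowed_roots: list[Path]) -> Path:
    """Canonicalise `requested` (symlinks and `..` resolved) and require it to
    lie under one of `allowed_roots`; otherwise raise RepoPathError."""
    target = Path(requested).resolve()
    for root in allowed_roots:
        try:
            target.relative_to(root.resolve())  # ValueError if not a prefix
            return target
        except ValueError:
            continue
    raise RepoPathError(f"{requested!r} is outside the allowed repository roots")


def require_existing_repo(path: Path) -> Path:
    """The server is meant to act on existing repositories only, so refuse a
    directory that has no .git entry instead of creating one."""
    if not (path / ".git").exists():
        raise RepoPathError(f"{path} is not an existing git repository")
    return path


def vulnerable_git_init(repo_path: str) -> Path:
    """Pattern the advisory describes: any writable path becomes a repository.
    Creating `.git` here stands in for `git init` (illustration only)."""
    target = Path(repo_path)
    (target / ".git").mkdir(parents=True, exist_ok=True)
    return target


def hardened_open_repo(repo_path: str, allowed_roots: list[Path]) -> Path:
    """Hardened handler: confine the path, never create, only open."""
    return require_existing_repo(resolve_within_roots(repo_path, allowed_roots))


def demo() -> dict:
    """Exercise both handlers on a constructed layout in a temp directory."""
    base = Path(tempfile.mkdtemp())
    allowed = base / "repos"                 # the only root the server should touch
    good = allowed / "project"               # an existing repository under the root
    (good / ".git").mkdir(parents=True)
    outside = base / "elsewhere"             # writable, but outside the root
    outside.mkdir()
    results = {}

    # Unrestricted handler: a path outside the intended tree is accepted and written to.
    created = vulnerable_git_init(str(outside / "planted"))
    results["vuln_created_outside"] = (created / ".git").is_dir()

    def rejected(path: str) -> bool:
        try:
            hardened_open_repo(path, [allowed])
            return False
        except RepoPathError:
            return True

    # Hardened handler: the same absolute path is rejected ...
    results["hardened_rejects_outside"] = rejected(str(outside / "planted"))
    # ... a `..` traversal that escapes the root is rejected after canonicalisation ...
    results["hardened_rejects_traversal"] = rejected(
        str(allowed / ".." / "elsewhere" / "planted"))
    # ... a directory under the root that is not yet a repository is refused, not initialised ...
    (allowed / "empty").mkdir()
    results["hardened_refuses_noninit"] = rejected(str(allowed / "empty"))
    # ... and an existing repository under the root is opened.
    results["hardened_accepts_existing"] = (
        hardened_open_repo(str(good), [allowed]) == good.resolve())
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Resolving both the requested path and each root before the prefix check is what defeats `..` segments and symlinked temp directories (on macOS, /var is a symlink to /private/var, so an unresolved root would never match).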

Database specific
{
    "nvd_published_at": "2025-12-17T23:16:04Z",
    "github_reviewed_at": "2025-12-17T19:49:54Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "MODERATE"
}
References

Affected packages

PyPI / mcp-server-git

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2025.9.25

Affected versions

0.*
0.2.0
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
2025.*
2025.1.14
2025.7.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-5cgr-j3jf-jw3v/GHSA-5cgr-j3jf-jw3v.json"