@cyanheads/git-mcp-server Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in the @cyanheads/git-mcp-server package, specifically in versions prior to 2.1.4. The issue arises from passing unsanitized input parameters into a call to child_process.exec: because exec runs its command string through a shell, shell metacharacters in the input are interpreted as additional commands, which enables attackers to inject arbitrary system commands. Exploitation of this vulnerability can lead to remote code execution under the privileges of the server process. The issue has been patched in version 2.1.5.
Impact
Exploitation of this vulnerability allows for command injection, leading to remote code execution on the server where the MCP server is running.
Reproduction
The vulnerability can be reproduced by sending a request to the MCP server that includes unvalidated input parameters. This can be done using an MCP client, such as Cursor, by enabling the 'git-mcp-server' and sending a prompt that includes injected instructions. The server will execute the injected commands as part of the response processing, leading to arbitrary command execution on the host.
Remediation
Users are advised to update to version 2.1.5 or later, where this vulnerability has been patched.
