
Conversation

@0dd
Contributor

@0dd 0dd commented Sep 24, 2025

TLDR

Fix the critical security issue; see the report.

  • Remove the attack path

Description

Server Details

  • Server: Git Server
  • Changes to: Tool

Motivation and Context

Security Issue: Please Check the report

How Has This Been Tested?

Tested with Amazon Q and the MCP CLI.

Breaking Changes

All users need to update to this version to prevent the security issue (detailed in the link).

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Protocol Documentation
  • My changes follow MCP security best practices
  • I have updated the server's README accordingly
  • I have tested this with an LLM client
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have documented all environment variables and configuration options

@0dd
Contributor Author

0dd commented Sep 24, 2025

Please DM me on Discord to discuss the technical details https://discord.com/channels/1358869848138059966/1379811011669921883/1420257622606483556

@0dd
Contributor Author

0dd commented Sep 24, 2025

@cliffhall @olahungerford @domdomegg
Please take a look at this critical fix.

- `repo_path` (string): Path to Git repository
- `revision` (string): The revision (commit hash, branch name, tag) to show
- Returns: Contents of the specified commit
12. `git_init`

@0dd 0dd Sep 24, 2025


Member

@cliffhall cliffhall left a comment


LGTM! 👍

Thanks @0dd for finding and fixing this vulnerability.

@cliffhall cliffhall merged commit 582bc1d into modelcontextprotocol:main Sep 24, 2025
18 checks passed
@0dd
Contributor Author

0dd commented Oct 10, 2025

Hi team, I saw this has been fixed in version mcp-server-git@2025.9.25.

Thank you all for building the fixed version.

@cliffhall @jenn-newton Can you also help request the CVE for this one?

The vulnerability was introduced from https://github.com/modelcontextprotocol/servers/pull/551/files
The affected versions were from version 2025.2.2 up to versions < @2025.9.25.
