[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-9462Date: (C)2015-04-01   (M)2023-12-22


The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
OSVDB-119816
DSA-3257
GLSA-201612-19
http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
http://mercurial.selenic.com/wiki/WhatsNew
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
openSUSE-SU-2015:0617

CPE    2
cpe:/o:opensuse:opensuse:13.1
cpe:/a:mercurial:mercurial
CWE    1
CWE-20
OVAL    1
oval:org.secpod.oval:def:602086

© SecPod Technologies