Download
| Alert*
oval:org.secpod.oval:def:2101161
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository oval:org.secpod.oval:def:204602 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of com ... oval:org.secpod.oval:def:113274 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:603088 Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ... oval:org.secpod.oval:def:1501971 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:113103 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1600772 A shell command injection flaw related to the handling of quot;sshquot; URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a quot;checkoutquot; or quot;updatequot; action on ... oval:org.secpod.oval:def:1800490 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. oval:org.secpod.oval:def:53127 Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ... oval:org.secpod.oval:def:502128 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of com ... oval:org.secpod.oval:def:1800673 CVE-2017-1000115: Mercurial"s symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. oval:org.secpod.oval:def:1800652 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. |