- Home
- CVEs with nessus.description==Mercurial Release Notes :
CVE-2017-1000115
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.
CVE-2017-1000116
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with
-oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top