Download
| Alert*
oval:org.secpod.oval:def:204535
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:603088 Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ... oval:org.secpod.oval:def:1800490 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. oval:org.secpod.oval:def:53127 Several issues were discovered in Mercurial, a distributed revision control system. CVE-2017-9462 Jonathan Claudius of Mozilla discovered that repositories served over stdio could be tricked into granting authorized users access to the Python debugger. CVE-2017-1000115 Mercurial"s symlink auditing ... oval:org.secpod.oval:def:1800673 CVE-2017-1000115: Mercurial"s symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. oval:org.secpod.oval:def:1800652 CVE-2017-9462: Python debugger accessible to authorized users In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. oval:org.secpod.oval:def:1501907 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501908 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502056 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:204532 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:112497 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects oval:org.secpod.oval:def:1600730 Python debugger accessible to authorized users:A flaw was found in the way hg serve --stdio command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options oval:org.secpod.oval:def:112490 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects |