
4 matches found

CNVD
added 2018/11/06 12:0 a.m. · 2 views

Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)

Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...

CVSS 9 · AI score 8.9 · EPSS 0.02112
Exploits 1 · References 1
BDU FSTEC
added 2018/02/15 12:0 a.m. · 6 views

The vulnerability of the Mercurial version control software lies in its inability to properly handle special elements used in the operating system’s command line. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Mercurial version control software is related to the lack of measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Git subrepository...

CVSS 10 · AI score 7.6 · EPSS 0.06331
Exploits 0 · References 5 · Affected Software 3
OSV
added 2017/12/07 6:29 p.m. · 2 views

DEBIAN-CVE-2017-17458

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...

CVSS 9.8 · AI score 9.3 · EPSS 0.06331
Exploits 0 · References 1
RedHat Linux
added 2016/05/02 12:57 p.m. · 3 views

mercurial: command injection via git subrepository urls

It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code...

CVSS 8.8 · AI score 6 · EPSS 0.05405
Exploits 0 · References 5