4 matches found
Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
The vulnerability in the Mercurial version control software stems from its failure to properly handle special elements used in the operating system’s command line. This allows an attacker to execute arbitrary code.
The vulnerability in the Mercurial version control software stems from a lack of measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted Git subrepository...
DEBIAN-CVE-2017-17458
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...
mercurial: command injection via git subrepository urls
It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code...