21 matches found
EUVD-2018-17009
Malware in sbrugna...
EUVD-2018-5330
Malware in sbrugna...
EUVD-2018-12801
Malware in sbrugna...
EUVD-2018-17007
Malware in sbrugna...
EUVD-2021-0829
Malware in sbrugna...
The vulnerability of the Branch Name Handler component of the PHP Composer dependency manager allows a attacker to execute arbitrary commands.
The vulnerability of the Branch Name Handler component in the PHP Composer dependency manager is related to the use of the composer install command executed within the git/hg repository. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
DEBIAN-CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...
pip: Mercurial configuration injectable in repo revision when installing via pip
A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...
PT-2022-16834 · Weblate · Weblate
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11.1 Description: Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them...
Atlassian Fisheye for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability
According to its self-reported version, the installation of Atlassian Fisheye running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository U...
Atlassian Crucible for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability
According to its self-reported version, the installation of Atlassian Crucible running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository...
Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities
The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...
Sourcetree for Windows Parameter Injection Vulnerability (CNVD-2019-09133)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for Windows suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
Sourcetree for macOS parameter injection vulnerability (CNVD-2019-09132)
Sourcetree is a free Mercurial and Git client for Windows and Mac. Sourcetree for macOS suffers from a parameter injection vulnerability that can be exploited by an attacker to execute code on a system via a Git subrepository in a Mercurial repository...
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...
Atlassian Fisheye / Crucible 4.5.2 Code Execution Vulnerability
Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/aS5sO and https://confluence.atlassian.com/x/Zi5sO . CVE ID: CVE-2018-5223. Product: Fisheye and Crucible. Affected...
CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...
Design/Logic Flaw
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository,...
CVE-2018-5223
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...