2 matches found
Mercurial patch.py文件目录遍历漏洞
BUGTRAQ ID: 30072 CVECAN ID: CVE-2008-2942 Mercurial是分布式的源码管理控制系统。 Mercurial的mercurial/patch.py文件中没有正确地过滤对applydiff函数的输入参数,如果远程攻击者提交了恶意请求的话,就可以通过目录遍历攻击重新命名代码库外任意文件的名称。 Mercurial 1.0.1 Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200807-09)以及相应补丁: GLSA-200807-09:Mercurial: Directory traversal...
GLSA-200807-09 : Mercurial: Directory traversal
The remote host is affected by the vulnerability described in GLSA-200807-09 Mercurial: Directory traversal Jakub Wilk discovered a directory traversal vulnerability in the applydiff function in the mercurial/patch.py file. Impact : A remote attacker could entice a user to import a specially...