libvcs Command Injection Vulnerability
libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...