GHSA-V2GW-X5JF-PGWV Mercurial Directory traversal vulnerability

Directory traversal vulnerability in patch.py in Mercurial before 1.0.2 allows user-assisted attackers to modify arbitrary files via ".." dot dot sequences in a patch file...

CVE-2019-13122

A Cross Site Scripting XSS vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msg...

Mercurial patch.py文件目录遍历漏洞

BUGTRAQ ID: 30072 CVECAN ID: CVE-2008-2942 Mercurial是分布式的源码管理控制系统。 Mercurial的mercurial/patch.py文件中没有正确地过滤对applydiff函数的输入参数，如果远程攻击者提交了恶意请求的话，就可以通过目录遍历攻击重新命名代码库外任意文件的名称。 Mercurial 1.0.1 Gentoo ------ Gentoo已经为此发布了一个安全公告（GLSA-200807-09）以及相应补丁: GLSA-200807-09：Mercurial: Directory traversal...

Mercurial 'patch.py'目录遍历漏洞

BUGTRAQ ID: 30072 CVE ID：CVE-2008-2942 CNCVE ID：CNCVE-20082942 Mercurial是一款分布式的版本控制工具。 Mercurial存在输入验证错误，远程攻击者可以利用漏洞进行目录遍历攻击，可能建立或者覆盖系统文件。 目前没有详细漏洞细节提供。 rPath rPath Linux 2 Mercurial Mercurial 1.0.17 可参考如下补丁： http://www.selenic.com/hg/rev/87c704ac92d4...

DEBIAN-CVE-2008-2942

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." dot dot sequences in a patch file...