Mercurial Security Vulnerabilities and Issues — Mercurial CVE List

Lucene search

MercurialMercurial

4 matches found

CVE•added 2017/10/05 1:29 a.m.•112 views

CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

7.5CVSS8.2AI score0.02142EPSS

CVE•added 2018/07/06 12:29 a.m.•69 views

CVE-2018-13348

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

7.5CVSS8.3AI score0.00145EPSS

CVE•added 2015/03/31 2:59 p.m.•66 views

CVE-2014-9462

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

7.5CVSS9.2AI score0.01289EPSS

CVE•added 2018/07/06 12:29 a.m.•66 views

CVE-2018-13346

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

7.5CVSS8.3AI score0.00144EPSS