Mercurial Security Vulnerabilities and Issues — Mercurial CVE List

Lucene search

MercurialMercurial

5 matches found

CVE•added 2020/02/12 2:15 a.m.•172 views

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-...

9.8CVSS9.1AI score0.53354EPSS

CVE•added 2017/06/06 9:29 p.m.•143 views

CVE-2017-9462

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

9CVSS8.5AI score0.50832EPSS

CVE•added 2018/03/14 1:29 p.m.•104 views

CVE-2018-1000132

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

9.1CVSS8.8AI score0.0026EPSS

CVE•added 2018/07/06 12:29 a.m.•84 views

CVE-2018-13347

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

9.8CVSS8.9AI score0.00431EPSS

CVE•added 2018/10/04 11:29 p.m.•73 views

CVE-2018-17983

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

9.1CVSS8.9AI score0.0023EPSS