Ubuntu.comUB:CVE-2014-9462CVE-2014-9462
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
91.0%
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows
remote attackers to execute arbitrary commands via a crafted repository
name in a clone command.
References
chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
selenic.com/hg/rev/e3f30068d2eb
launchpad.net/bugs/cve/CVE-2014-9462
nvd.nist.gov/vuln/detail/CVE-2014-9462
security-tracker.debian.org/tracker/CVE-2014-9462
www.cve.org/CVERecord?id=CVE-2014-9462
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.031 Low
EPSS
Percentile
91.0%