Arbitrary Code Execution Affecting mercurial package, versions [2.6.2,3.8.1)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
1.34% (86th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MERCURIAL-40390
- published 6 Apr 2016
- disclosed 6 Apr 2016
- credit Blake Burkhart
Overview
mercurial
is a Fast scalable distributed SCM (revision control, version control) system
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.