CVE-2014-9462

Опубликовано: 31 мар. 2015

Источник: debian

EPSS Низкий

Описание

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mercurial	fixed	3.4-1		package

Примечания

http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
http://selenic.com/hg/rev/e3f30068d2eb

EPSS

Процентиль: 79%

0.01289

Низкий

Связанные уязвимости

CVE-2014-9462

ubuntu

почти 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVE-2014-9462

redhat

около 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVE-2014-9462

nvd

почти 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

SUSE-SU-2015:0836-1

suse-cvrf

почти 11 лет назад

Security update for mercurial

SUSE-SU-2015:0817-1

suse-cvrf

почти 11 лет назад

Security update for mercurial

EPSS

Процентиль: 79%

0.01289

Низкий