CVE-2017-9462

Опубликовано: 06 июн. 2017

Источник: debian

EPSS Средний

Описание

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mercurial	fixed	4.3.1-1		package
mercurial	fixed	4.0-1+deb9u1	stretch	package

Примечания

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

EPSS

Процентиль: 98%

0.48699

Средний

Связанные уязвимости

CVE-2017-9462

CVSS3: 8.8

ubuntu

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVE-2017-9462

CVSS3: 6.3

redhat

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVE-2017-9462

CVSS3: 8.8

nvd

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

openSUSE-SU-2017:1572-1

suse-cvrf

больше 8 лет назад

Security update for mercurial

SUSE-SU-2017:1606-1

suse-cvrf

больше 8 лет назад

Security update for mercurial

EPSS

Процентиль: 98%

0.48699

Средний