CVE-2014-9462

Опубликовано: 29 дек. 2014

Источник: redhat

CVSS2: 6.5

Описание

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

Отчет

Red Hat Product Security has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	mercurial	Will not fix
Red Hat Enterprise Linux 7	mercurial	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1204807mercurial: command Injection via sshpeer._validaterepo()

6.5 Medium

CVSS2

Связанные уязвимости

CVE-2014-9462

ubuntu

почти 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVE-2014-9462

nvd

почти 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVE-2014-9462

debian

почти 11 лет назад

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...

SUSE-SU-2015:0836-1

suse-cvrf

почти 11 лет назад

Security update for mercurial

SUSE-SU-2015:0817-1

suse-cvrf

почти 11 лет назад

Security update for mercurial

6.5 Medium

CVSS2