Описание
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
It was discovered that the Mercurial convert extension invoked Git in a way that could cause Git to interpret local repository name as remote repository URL. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mercurial | Will not fix | ||
| Red Hat Enterprise Linux 7 | mercurial | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS2
Связанные уязвимости
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
The convert extension in Mercurial before 3.8 might allow context-depe ...
5.1 Medium
CVSS2