CVE-2017-1000115

Published: 10 Aug 2017
Source: redhat
CVSS3: 5.4
EPSS: Low

Description

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.

A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mercurial | Will not fix | | |
| Red Hat Enterprise Linux 7 | mercurial | Fixed | RHSA-2017:2489 | 17.08.2017 |

Additional information

Status: Important
Defect: CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1480330 Mercurial: pathaudit: path traversal via symlink

EPSS

Percentile: 84%
0.02142
Low

CVSS3

5.4 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 8 years ago

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository

CVSS3: 7.5
nvd
about 8 years ago

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository

CVSS3: 7.5
debian
about 8 years ago

Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ...

CVSS3: 7.5
github
more than 3 years ago

Mercurial missing symlink check

suse-cvrf
about 8 years ago

Security update for mercurial