Описание
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Starting with version 1.5.3, Mercurial allows environment variable expansion on path names for sub repositories when creating it or cloning a parent repository, but it doesn't validate whether the final path name outside the repository root directory. An attacker can leverage this weakness using a combination of symbolic links and environment variables to craft a tampered repository, leading Mercurial to write files outside the repository as long the destination location is empty.
Отчет
This issue affects the versions of mercurial as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Tower 3 | mercurial | Not affected | ||
| Red Hat Enterprise Linux 6 | mercurial | Not affected | ||
| Red Hat Enterprise Linux 7 | mercurial | Will not fix | ||
| Red Hat Enterprise Linux 8 | mercurial | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.1 Medium
CVSS3
Связанные уязвимости
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
A flaw was found in Mercurial before 4.9. It was possible to use symli ...
5.1 Medium
CVSS3