Описание
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | |
| devel | not-affected | |
| feisty | ignored | |
| gutsy | ignored | |
| hardy | ignored | |
| upstream | released | 1.0.2 |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
Mercurial before 1.0.2 does not enforce the allowpull permission setti ...
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
5 Medium
CVSS2