Описание
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | released | 3.7.3-1ubuntu1.1 |
| esm-infra-legacy/trusty | released | 2.8.2-1ubuntu1.4 |
| precise/esm | DNE | |
| trusty | released | 2.8.2-1ubuntu1.4 |
| trusty/esm | released | 2.8.2-1ubuntu1.4 |
Показывать по
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
In Mercurial before 4.4.1, it is possible that a specially malformed r ...
10 Critical
CVSS2
9.8 Critical
CVSS3