Описание
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | code not built |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | not-affected | code not built |
| eoan | not-affected | code not built |
| esm-apps/bionic | not-affected | code not built |
| esm-apps/focal | not-affected | code not built |
| esm-apps/jammy | not-affected | code not built |
| esm-apps/noble | not-affected | code not built |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Phabricator before 2017-11-10 does not block the --config and --debugg ...
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3