CVE-2017-9462

Опубликовано: 06 июн. 2017

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 9

CVSS3: 8.8

Описание

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

Релиз	Статус	Примечание
artful	released	4.3.1-2
bionic	not-affected
cosmic	not-affected
devel	not-affected
esm-apps/bionic	not-affected
esm-apps/xenial	released	3.7.3-1ubuntu1.1
esm-infra-legacy/trusty	released	2.8.2-1ubuntu1.4
precise/esm	DNE
trusty	released	2.8.2-1ubuntu1.4
trusty/esm	released	2.8.2-1ubuntu1.4

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%

0.48699

Средний

9 Critical

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2017-9462

CVSS3: 6.3

redhat

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVE-2017-9462

CVSS3: 8.8

nvd

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVE-2017-9462

CVSS3: 8.8

debian

больше 8 лет назад

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ...

openSUSE-SU-2017:1572-1

suse-cvrf

больше 8 лет назад

Security update for mercurial

SUSE-SU-2017:1606-1

suse-cvrf

больше 8 лет назад

Security update for mercurial

EPSS

Процентиль: 98%

0.48699

Средний

9 Critical

CVSS2

8.8 High

CVSS3

CVE-2017-9462

Описание

Пакет mercurial

Ссылки на источники

Связанные уязвимости