Vulmon
mercurial mercurial vulnerabilities and exploits
3.3
CVSSv3
CVE-2023-5752
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mer...
Pypa Pip
6 Github repositories
5.3
CVSSv3
CVE-2022-43410
Jenkins Mercurial Plugin 1251.va_b_121f184902 and previous versions provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
Jenkins Mercurial
8.8
CVSSv3
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions before 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via co...
Thoughtworks Gocd
7.5
CVSSv3
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and previous versions allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM cont...
Jenkins Mercurial
8.8
CVSSv3
CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist...
Getcomposer Composer
Tenable Tenable.sc
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2022-23915
The package weblate from 0 and prior to 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.
Weblate Weblate
8.8
CVSSv3
CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. ...
Getcomposer Composer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.5
CVSSv3
CVE-2020-2305
Jenkins Mercurial Plugin 2.11 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Mercurial
4.3
CVSSv3
CVE-2020-2306
A missing permission check in Jenkins Mercurial Plugin 2.11 and previous versions allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
Jenkins Mercurial
9.8
CVSSv3
CVE-2014-9390
Git prior to 1.8.5.6, 1.9.x prior to 1.9.5, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 on Windows and OS X; Mercurial prior to 3.2.3 on Windows and OS X; Apple Xcode prior to 6.2 beta 3; mine all versions prior to 08-12-2014; libgit2 all versions up to 0...
Git-scm Git
Mercurial Mercurial
Apple Xcode
Apple Xcode 6.2
Eclipse Egit
Eclipse Jgit
Libgit2 Libgit2
2 Metasploit modules
4 Github repositories