Mercurial before 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Vulnerable Product |
---|
mercurial mercurial |
debian debian linux 8.0 |
debian debian linux 9.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server eus 7.4 |
redhat enterprise linux server eus 7.5 |
redhat enterprise linux server eus 7.6 |
redhat enterprise linux server tus 7.4 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux server aus 7.4 |

Git, Mercurial, SVN patched; CVS hasn't got around to it yet
Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...