I’d like to submit an RCE issue within Git, SVN and Mercurial. The CVEs are:
Further info can be found at:
http://blog.recurity-labs.com/2017-08-10/scm-vulns
And product specific:
I think these issues, which are all based on the same flaw, could be worth
an IBB Bounty. However, I’d like to point out that we at Recurity Labs
would like the bounty to be donated to a charity. The to-be-determined
charity will be something in the field of brain aneurysm; this is due to
the fact that Felix, the founder of Recurity Labs, is currently
recovering from a brain aneurysm.
So, just let us know what you think about this.
Cheers,
joern
P.S. I took the CVSS score from the Subversion advisory;
the Red Hat advisory states a score of 6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). I guess the truth is somewhere in between.