Lucene search

Veracode Vulnerability DatabaseVERACODE:12505

HistoryJan 15, 2019 - 9:17 a.m.

Remote Code Execution (RCE)

2019-01-1509:17:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.03 Low

EPSS

Percentile

91.0%

JSON

Mecurial is vulnerable to remote code execution (RCE). The hg serve --stdio command allows a malicious user to launch the python debugger to execute arbitrary python code by using --debugger as the target repository.

CPENameOperatorVersion
mercurialeq1.4__4.el6
mercurialeq1.4__3.el6

CPE	Name	Operator	Version
	mercurial	eq	1.4__4.el6
	mercurial	eq	1.4__3.el6

References

www.debian.org/security/2017/dsa-3963

www.securityfocus.com/bid/99123

access.redhat.com/errata/RHSA-2017:1576

access.redhat.com/security/updates/classification/#important

bugs.debian.org/861243

lists.debian.org/debian-lts-announce/2018/07/msg00005.html

security.gentoo.org/glsa/201709-18

www.mercurial-scm.org/repo/hg/rev/77eaf9539499

www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for VERACODE:12505