Mercurial Remote Command Injection and Symlink Directory Traversal Vulnerabilities

Bugtraq ID: 100290
Class: Input Validation Error
CVE: CVE-2017-1000115
CVE-2017-1000116
Remote: Yes
Local: No
Published: Aug 10 2017 12:00AM
Updated: Aug 10 2017 12:00AM
Credit: Cedric Buissart
Vulnerable: Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Mercurial Mercurial 4.2.2
Mercurial Mercurial 4.2.1
Mercurial Mercurial 4.1.3
Mercurial Mercurial 4.1.2
Mercurial Mercurial 4.1.1
Mercurial Mercurial 4.0.2
Mercurial Mercurial 4.0.1
Mercurial Mercurial 3.9.2
Mercurial Mercurial 3.9.1
Mercurial Mercurial 3.7.2
Mercurial Mercurial 3.7.1
Mercurial Mercurial 3.6.3
Mercurial Mercurial 3.6.2
Mercurial Mercurial 3.5.2
Mercurial Mercurial 3.5.1
Mercurial Mercurial 3.2.4
Mercurial Mercurial 3.2.3
Mercurial Mercurial 1.6.3
Mercurial Mercurial 1.0.2
Mercurial Mercurial 1.0.1
Mercurial Mercurial 4.2
Mercurial Mercurial 4.1
Mercurial Mercurial 4.0
Mercurial Mercurial 3.9
Mercurial Mercurial 3.8
Mercurial Mercurial 3.7.3
Mercurial Mercurial 3.7
Mercurial Mercurial 3.6
Mercurial Mercurial 3.5
Mercurial Mercurial 1.6.4
Atlassian SourceTree for Windows 0.5.1.0
Atlassian SourceTree for macOS 1.0b2
Not Vulnerable: Mercurial Mercurial 4.2.3
Mercurial Mercurial 4.3
Atlassian SourceTree for Windows 2.1.10
Atlassian SourceTree for macOS 2.6.1


 

Privacy Statement
Copyright 2010, SecurityFocus