logo

Database

Lack of data validation In mercurial

Description

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2016-30692. NVD-2016-30693. OSV-2016-30694. OSV-DEBIAN-2016-30695. GCVE-2016-30696. security.gentoo.org7. SECURITY-TRACKER-CVE-2016-3069

References

1. https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml2. https://selenic.com/repo/hg-stable/rev/197eed39e3d53. https://selenic.com/repo/hg-stable/rev/80cac1de6aea4. https://selenic.com/repo/hg-stable/rev/ae279d4a19e95. https://selenic.com/repo/hg-stable/rev/b732e7f2aba46. https://selenic.com/repo/hg-stable/rev/cdda7b96afff7. https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.298. http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html9. http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html10. http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html11. http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html12. http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html13. http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html14. http://rhn.redhat.com/errata/RHSA-2016-0706.html15. http://www.debian.org/security/2016/dsa-354216. http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html17. http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.