VDB

PYSEC-2017-88

PYSEC-2017-88 PUBLISHED

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

Affected Products

VendorProductVersions
PyPImercurial2.1.2, 0, 0.9.1

Timeline

  • Oct 5, 2017 CVE Published
  • May 1, 2024 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›