VDB

PYSEC-2017-89

PYSEC-2017-89 PUBLISHED

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Affected Products

VendorProductVersions
PyPImercurial0, 0.8.1, 0.9

Timeline

  • Oct 5, 2017 CVE Published
  • May 1, 2024 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›