VDB

PYSEC-2019-188

PYSEC-2019-188 PUBLISHED

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

Affected Products

VendorProductVersions
PyPImercurial4.6rc1, 0, 0.9

Timeline

  • Apr 22, 2019 CVE Published
  • May 1, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›