Do your applications use this vulnerable package?
Test your applications
Overview
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
References
CVSS Score
7.5
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityHigh
-
AvailabilityNone
- CVE
- CVE-2017-1000115
- CWE
- CWE-59
- Snyk ID
- SNYK-DEBIAN8-MERCURIAL-311075
- Disclosed
- 05 Oct, 2017
- Published
- 05 Oct, 2017