CVE-2017-17458
EUVD-2017-007207.12.2017, 18:29
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mercurial | mercurial | 𝑥 < 4.4.1 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases