mercurial (SUSE:Linux Enterprise Software Development Kit 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP2 package mercurial, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2017-1000116 — CVSS 9.8 (critical): Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
CVE-2017-17458 — CVSS 9.8 (critical): In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the…
CVE-2017-9462 — CVSS 8.8 (high): In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute…
CVE-2017-1000115 — CVSS 7.5 (high): Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the…