matt mackall

Top products

The 9 most recently published vulnerabilities affecting matt mackall.

• CVE-2025-2361Mercurial SCM Web Interface cross site scripting4.3Mar 17, 2025
• CVE-2019-3902A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.5.1Apr 22, 2019
• CVE-2018-13346The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.7.5Jul 6, 2018
• CVE-2018-13348The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but ac...7.5Jul 6, 2018
• CVE-2018-13347mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.9.8Jul 6, 2018
• CVE-2018-1000132Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable vi...9.1Mar 14, 2018
• CVE-2017-17458In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the r...9.8Dec 7, 2017
• CVE-2017-1000116Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.9.8Oct 4, 2017
• CVE-2017-9462In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.8.8Jun 6, 2017