Package impact
PyPI / mercurial
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-1000116 | critical | 9.8 | 9.8 | 4y ago | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |
| CVE-2017-17458 | critical | 9.8 | 9.8 | 4y ago | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the rep… | |
| CVE-2014-9390 | unknown | — | — | 4y ago | JGit Improper Input Validation vulnerability |