CVE-2017-1000115

High

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the…

mitre·CWE-59·Published 2017-10-04

CVSS

7.5

EPSS

0.04

KEV

Exploits

cve.orgen

142 chars

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

NVDen

142 chars

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

OSV.deven

142 chars

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

GHSAen

142 chars

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

NVDes

205 chars

Las versiones anteriores a la 4.3 de Mercurial son vulnerables a una falta de comprobación de symlink. Los repositorios maliciosos pueden aprovecharse de esto para modificar archivos fuera del repositorio.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N