CVE-2008-4297

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
Configurations

Configuration 1

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*

Information

Published : 2008-09-27 10:30

Updated : 2018-10-11 08:51


NVD link : CVE-2008-4297

Mitre link : CVE-2008-4297

Products Affected
No products.
CWE