CVE Vulnerability

CVE-2008-2942

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.selenic.com/hg/rev/87c704ac92d4 Exploit
http://www.openwall.com/lists/oss-security/2008/06/30/1
http://secunia.com/advisories/31108
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html
https://issues.rpath.com/browse/RPL-2633
http://www.securityfocus.com/bid/30072
http://www.openwall.com/lists/oss-security/2008/07/01/1
http://security.gentoo.org/glsa/glsa-200807-09.xml
http://wiki.rpath.com/Advisories:rPSA-2008-0211
http://secunia.com/advisories/31110
http://secunia.com/advisories/31167
https://exchange.xforce.ibmcloud.com/vulnerabilities/43551
http://www.securityfocus.com/archive/1/493881/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mercurial:mercurial:1.0.1:*:*:*:*:*:*:*
Information

Published : 2008-06-30 08:41

Updated : 2018-10-11 08:45

NVD link : CVE-2008-2942

Mitre link : CVE-2008-2942

Products Affected
No products.
CWE
CWE-22