CVE-2008-2942 — Path Traversal in Mercurial

CWE-22 — Path Traversal CWE-20 — Improper Input Validation8 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 31.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mercurial Debian Mercurial

Timeline

PublishedJun 30

Latest updateMay 1

Description

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/mercurial< mercurial 1.0.1-2 (bookworm)

▶PyPImercurial/mercurial< 1.0.2

▶Debianmercurial/mercurial< 1.0.1-2+3

▶NVDmercurial/mercurial1.0.1

🔴Vulnerability Details

OSV

Mercurial Directory traversal vulnerability↗2022-05-01

▶

GHSA

Mercurial Directory traversal vulnerability↗2022-05-01

▶

OSV

CVE-2008-2942: Directory traversal vulnerability in patch↗2008-06-30

▶

📋Vendor Advisories

Red Hat

mercurial: insufficient input validationn allowing file renames out of repository↗2008-06-25

▶

Debian

CVE-2008-2942: mercurial - Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-ass...↗2008

▶

💬Community

Bugzilla

CVE-2008-2942 CVE-2008-4297 mercurial: multiple security issues [Fedora 8]↗2008-09-29

▶

Bugzilla

CVE-2008-2942 mercurial: insufficient input validationn allowing file renames out of repository↗2008-07-01

▶