CVE-2017-1000115: Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

high7.5CVSS 3.0

AVNACLPRNUINSUCNIHAN

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

21 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	mercurial	< mercurial 4.3.1-1 (bookworm)	mercurial 4.3.1-1 (bookworm)
memcached	memcached	>= 0 < 1.4.14-0ubuntu9.2	1.4.14-0ubuntu9.2
memcached	memcached	>= 0 < 1.4.25-2ubuntu1.3	1.4.25-2ubuntu1.3
mercurial	mercurial	< 4.3	4.3
mercurial	mercurial	>= 0 < 4.3.1-1	4.3.1-1
mercurial	mercurial	>= 0 < 4.3.1-1	4.3.1-1
mercurial	mercurial	>= 0 < 4.3.1-1	4.3.1-1
mercurial	mercurial	>= 0 < 4.3.1-1	4.3.1-1
mercurial	mercurial	>= 0 < 4.3.1	4.3.1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_workstation	—	—

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

osv7.5HIGH