CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository

No CVSS v3.1

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors	Products
Redhat	Enterprise Linux Server Enterprise Linux Server Eus Enterprise Linux Server Tus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Aus
Mercurial	Mercurial
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3963	Third Party Advisory
http://www.securityfocus.com/bid/100290	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2489	Third Party Advisory
https://security.gentoo.org/glsa/201709-18	Third Party Advisory VDB Entry
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29	Release Notes Vendor Advisory