Mercurial: >> Mercurial >> 4.6.1 Security Vulnerabilities
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
CVSS Score
5.1
EPSS Score
0.004
Published
2019-04-22
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
CVSS Score
9.1
EPSS Score
0.004
Published
2018-10-04