
Ethan Blanton

#28481 of 53,634
9 CVSS total
Vulnerabilities · 1
PT-2017-2559
9.0
2017-06-06
Mercurial · Mercurial · CVE-2017-9462
**Name of the Vulnerable Software and Affected Versions**
Mercurial versions prior to 4.1.3

**Description**
The issue is related to insufficient access control in Mercurial, specifically with the use of the command line parameter "hg serve --stdio". This can be exploited by a remote authenticated user to execute arbitrary code by using "--debugger" as a repository name, thereby launching the Python debugger.

**Recommendations**
For Mercurial versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "hg serve --stdio" command to prevent potential exploitation.