CVE-2008-4297

Name of the Vulnerable Software and Affected Versions: Mercurial versions prior to 1.0.2

Description: The issue concerns the enforcement of the allowpull permission setting for a pull operation from hgweb. It allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

Recommendations: For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue.