Blake Burkhart

**Name of the Vulnerable Software and Affected Versions** Mercurial versions prior to 3.8 **Description** The issue allows context-dependent attackers to execute arbitrary code via a crafted git repository name. **Recommendations** For versions prior to 3.8, update to version 3.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mercurial versions prior to 3.7.3 **Description** The issue allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mercurial versions prior to 3.7.3 **Description** The issue allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. **Recommendations** For versions prior to 3.7.3, update to version 3.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Git versions prior to 2.3.10 Git versions 2.4.x prior to 2.4.10 Git versions 2.5.x prior to 2.5.4 Git versions 2.6.x prior to 2.6.1 **Description** The issue is related to the git-remote-ext and other remote helper programs in Git, which do not properly restrict allowed protocols. This might allow remote attackers to execute arbitrary code via a URL in a .gitmodules file or other sources in a submodule. **Recommendations** For Git versions prior to 2.3.10, update to version 2.3.10 or later. For Git versions 2.4.x prior to 2.4.10, update to version 2.4.10 or later. For Git versions 2.5.x prior to 2.5.4, update to version 2.5.4 or later. For Git versions 2.6.x prior to 2.6.1, update to version 2.6.1 or later.