Mercurial · Mercurial · CVE-2017-9462
**Name of the Vulnerable Software and Affected Versions**
Mercurial versions prior to 4.1.3
**Description**
The issue is related to insufficient access control in Mercurial, specifically with the use of the command line parameter "hg serve --stdio". This can be exploited by a remote authenticated user to execute arbitrary code by using "--debugger" as a repository name, thereby launching the Python debugger.
**Recommendations**
For Mercurial versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "hg serve --stdio" command to prevent potential exploitation.