PT-2008-4379 · Mercurial · Mercurial

Nico Golde

Published

2008-06-30

Updated

2024-06-15

CVE-2008-2942

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mercurial versions 1.0.1 through 1.0.1 Mercurial versions prior to 1.0.2

Description The issue allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. This is due to a directory traversal vulnerability in the patch.py file.

Recommendations For Mercurial version 1.0.1, update to version 1.0.2 or later to resolve the issue. For Mercurial versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the patch.py file until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-2942

GHSA-V2GW-X5JF-PGWV

OPENSUSE-SU-2024:10586-1

Affected Products

Mercurial

PT-2008-4379 · Mercurial · Mercurial

CVE-2008-2942

Weakness Enumeration

Related Identifiers

Affected Products

References · 30