File tree 1 file changed +7
-3
lines changed
1 file changed +7
-3
lines changed Original file line number Diff line number Diff line change 66
77## libvcs 0.11.1 (2022-03-12)
88
9- ### Potential command injection via mercurial URLs
9+ ### CVE- 2022 -21187: Command Injection with mercurial repositories
1010
1111- By setting a mercurial URL with an alias it is possible to execute arbitrary shell commands via
12- ` .obtain() ` or in the case of uncloned destinations, ` .update_repo() ` . (#306 , credit: Alessio
13- Della Libera)
12+ ` .obtain() ` or in the case of uncloned destinations, ` .update_repo() ` .
13+ ([ #306 ] ( https://github.com/vcs-python/libvcs/pull/306 ) , credit: Alessio Della Libera)
14+
15+ See also: [ cve.mitre.org] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21187 ) ,
16+ [ nvd.nist.gov] ( https://nvd.nist.gov/vuln/detail/CVE-2022-21187 ) ,
17+ [ snyk] ( https://security.snyk.io/vuln/SNYK-PYTHON-LIBVCS-2421204 ) .
1418
1519### Development
1620
You can’t perform that action at this time.
0 commit comments