Commit 51bcdda

docs(CHANGES): Detail CVE-2022-21187 for 0.11.1
1 parent 9f9626b commit 51bcdda
1 file changed: +7 -1 lines changed
‎CHANGES

@@ -6,12 +6,18 @@
66

77
## libvcs 0.11.1 (2022-03-12)
88

9-
### Potential command injection via mercurial URLs
9+
### CVE-2022-21187: Command Injection with mercurial repositories
1010

1111
- By setting a mercurial URL with an alias it is possible to execute arbitrary shell commands via
1212
`.obtain()` or in the case of uncloned destinations, `.update_repo()`. (#306, credit: Alessio
1313
Della Libera)
1414

15+
See also:
16+
17+
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21187,
18+
https://nvd.nist.gov/vuln/detail/CVE-2022-21187
19+
- https://security.snyk.io/vuln/SNYK-PYTHON-LIBVCS-2421204
20+
1521
### Development
1622

1723
- Run pyupgrade formatting (#305)
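
Review bot: The bullet at new lines 11-13 still describes the injection in the present tense ("it is possible to execute arbitrary shell commands"), and even with the CVE id now in the heading, nothing in the entry says whether 0.11.1 is the release that fixes it or which versions are affected. Someone reading CHANGES to decide whether to upgrade cannot tell from these lines, so I would add one sentence stating the fix status and the affected range next to the `.obtain()` / `.update_repo()` description. Separately, in the "See also" list at new lines 17-18 the first bullet joins two URLs with a trailing comma across a line break; giving the NVD link its own bullet keeps the comma from being picked up as part of the cve.mitre.org URL by linkifiers.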
