CVE-2008-4297

EPSS 0.76%

發布日:2008/9/27修改日:2026/4/28

也稱為:DEBIAN-CVE-2008-4297

描述

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

受影響套件(1)

Debian/mercurialfrom 0, < 1.0.1-5.1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-4297