First published: Mon Apr 22 2019
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mercurial Mercurial | <4.9 | |
Debian Debian Linux | =8.0 | |
Red Hat Enterprise Linux | =7.0 | |
pip/mercurial | <4.9 | 4.9 |
debian/mercurial | 5.6.1-4 6.3.2-1 6.8.2-1 |
CVE-2019-3902 is a vulnerability in Mercurial before version 4.9: symlinks and subrepositories can be used to defeat Mercurial's path-checking logic and write files outside a repository.
The severity of CVE-2019-3902 is medium with a severity value of 5.9.
Mercurial before version 4.9, Debian Linux 8.0, and Red Hat Enterprise Linux 7.0 are affected by CVE-2019-3902.
To fix CVE-2019-3902, users should update Mercurial to version 4.9 or higher.