Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mercurial@4.4.1
Typepypi
Namespace
Namemercurial
Version4.4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9
Latest_non_vulnerable_version4.9
Affected_by_vulnerabilities
0
url VCID-1w83-uq69-skeb
vulnerability_id VCID-1w83-uq69-skeb
summary The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
3
reference_url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/faa924469635
4
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
reference_id CVE-2018-13346
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13346
6
reference_url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
reference_id GHSA-9xv4-r2hf-26gh
reference_type
scores
url https://github.com/advisories/GHSA-9xv4-r2hf-26gh
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13346, GHSA-9xv4-r2hf-26gh, PYSEC-2018-88
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w83-uq69-skeb
1
url VCID-b7rg-cd13-aygs
vulnerability_id VCID-b7rg-cd13-aygs
summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml
1
reference_url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
2
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
reference_id CVE-2018-17983
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-17983
4
reference_url https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id GHSA-p575-cf9h-wv42
reference_type
scores
url https://github.com/advisories/GHSA-p575-cf9h-wv42
fixed_packages
0
url pkg:pypi/mercurial@4.7.2
purl pkg:pypi/mercurial@4.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.7.2
aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7rg-cd13-aygs
2
url VCID-ex2f-cn1w-y7h5
vulnerability_id VCID-ex2f-cn1w-y7h5
summary mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
3
reference_url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
4
reference_url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
5
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
reference_id CVE-2018-13347
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13347
7
reference_url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
reference_id GHSA-3mjj-mr4f-qxmx
reference_type
scores
url https://github.com/advisories/GHSA-3mjj-mr4f-qxmx
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13347, GHSA-3mjj-mr4f-qxmx, PYSEC-2018-89
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2f-cn1w-y7h5
3
url VCID-h8ah-p1pj-3bc3
vulnerability_id VCID-h8ah-p1pj-3bc3
summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml
1
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
2
reference_url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
reference_id
reference_type
scores
url https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
3
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
reference_id CVE-2018-13348
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-13348
5
reference_url https://github.com/advisories/GHSA-3v62-ww8w-758m
reference_id GHSA-3v62-ww8w-758m
reference_type
scores
url https://github.com/advisories/GHSA-3v62-ww8w-758m
fixed_packages
0
url pkg:pypi/mercurial@4.6.1
purl pkg:pypi/mercurial@4.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7rg-cd13-aygs
1
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.6.1
aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ah-p1pj-3bc3
4
url VCID-tsye-4m91-6ba1
vulnerability_id VCID-tsye-4m91-6ba1
summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html
3
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
4
reference_url https://usn.ubuntu.com/4086-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1
5
reference_url https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4086-1/
6
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
reference_id CVE-2019-3902
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3902
8
reference_url https://github.com/advisories/GHSA-mq66-vcfc-8246
reference_id GHSA-mq66-vcfc-8246
reference_type
scores
url https://github.com/advisories/GHSA-mq66-vcfc-8246
fixed_packages
0
url pkg:pypi/mercurial@4.9
purl pkg:pypi/mercurial@4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.9
aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsye-4m91-6ba1
5
url VCID-zs6r-e6qt-bfbu
vulnerability_id VCID-zs6r-e6qt-bfbu
summary Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2276
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2276
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yaml
2
reference_url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
3
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
4
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
5
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
reference_id CVE-2018-1000132
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000132
7
reference_url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
reference_id GHSA-4mr4-7vjv-9hm6
reference_type
scores
url https://github.com/advisories/GHSA-4mr4-7vjv-9hm6
fixed_packages
0
url pkg:pypi/mercurial@4.5.1
purl pkg:pypi/mercurial@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-tsye-4m91-6ba1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.5.1
aliases CVE-2018-1000132, GHSA-4mr4-7vjv-9hm6, PYSEC-2018-87
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zs6r-e6qt-bfbu
Fixing_vulnerabilities
0
url VCID-q5zm-xfyx-u7bn
vulnerability_id VCID-q5zm-xfyx-u7bn
summary In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
references
0
reference_url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
reference_id
reference_type
scores
url https://bz.mercurial-scm.org/show_bug.cgi?id=5730
1
reference_url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
reference_id
reference_type
scores
url https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html
2
reference_url https://github.com/dscho/hg
reference_id
reference_type
scores
url https://github.com/dscho/hg
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-90.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2017/12/msg00027.html
5
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
6
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/07/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
8
reference_url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url https://web.archive.org/web/20200227132808/http://www.securityfocus.com/bid/102926
9
reference_url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
reference_id
reference_type
scores
url https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
10
reference_url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
reference_id
reference_type
scores
url https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
11
reference_url http://www.securityfocus.com/bid/102926
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102926
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
reference_id CVE-2017-17458
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17458
13
reference_url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
reference_id GHSA-6v56-cpg6-3rpx
reference_type
scores
url https://github.com/advisories/GHSA-6v56-cpg6-3rpx
fixed_packages
0
url pkg:pypi/mercurial@4.4.1
purl pkg:pypi/mercurial@4.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w83-uq69-skeb
1
vulnerability VCID-b7rg-cd13-aygs
2
vulnerability VCID-ex2f-cn1w-y7h5
3
vulnerability VCID-h8ah-p1pj-3bc3
4
vulnerability VCID-tsye-4m91-6ba1
5
vulnerability VCID-zs6r-e6qt-bfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1
aliases CVE-2017-17458, GHSA-6v56-cpg6-3rpx, PYSEC-2017-90
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5zm-xfyx-u7bn
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mercurial@4.4.1