Package Instance

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3069.json

reference_url

reference_id

reference_type

scores

value	0.0283
scoring_system	epss
scoring_elements	0.86472
published_at	2026-06-05T12:55:00Z

value	0.0283
scoring_system	epss
scoring_elements	0.86449
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-27.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/197eed39e3d5

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/197eed39e3d5

reference_url

https://selenic.com/repo/hg-stable/rev/80cac1de6aea

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/80cac1de6aea

reference_url

https://selenic.com/repo/hg-stable/rev/ae279d4a19e9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/ae279d4a19e9

reference_url

https://selenic.com/repo/hg-stable/rev/b732e7f2aba4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b732e7f2aba4

reference_url

https://selenic.com/repo/hg-stable/rev/cdda7b96afff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/cdda7b96afff

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1320155
reference_id	1320155
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1320155

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3069

reference_id

CVE-2016-3069

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3069

reference_url	https://github.com/advisories/GHSA-8fm8-7365-5rh2
reference_id	GHSA-8fm8-7365-5rh2
reference_type
scores
url	https://github.com/advisories/GHSA-8fm8-7365-5rh2

reference_url	https://access.redhat.com/errata/RHSA-2016:0706
reference_id	RHSA-2016:0706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0706

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3069, GHSA-8fm8-7365-5rh2, PYSEC-2016-27

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-16q8-up17-hkd7

url VCID-2996-7bgv-eqdv

vulnerability_id VCID-2996-7bgv-eqdv

summary The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

references

reference_url

http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-03/msg00085.html

reference_url

http://mercurial.selenic.com/wiki/WhatsNew

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://mercurial.selenic.com/wiki/WhatsNew

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9462.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9462

reference_id

reference_type

scores

value	0.01129
scoring_system	epss
scoring_elements	0.78678
published_at	2026-06-05T12:55:00Z

value	0.01129
scoring_system	epss
scoring_elements	0.78651
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9462

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2015-14.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3257

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3257

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

reference_url	http://www.osvdb.org/119816
reference_id
reference_type
scores
url	http://www.osvdb.org/119816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1204807
reference_id	1204807
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1204807

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
reference_id	783237
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9462

reference_id

CVE-2014-9462

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9462

reference_url	https://github.com/advisories/GHSA-3pmw-h7j4-rf54
reference_id	GHSA-3pmw-h7j4-rf54
reference_type
scores
url	https://github.com/advisories/GHSA-3pmw-h7j4-rf54

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2014-9462, GHSA-3pmw-h7j4-rf54, PYSEC-2015-14

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2996-7bgv-eqdv

url VCID-71pc-96mg-ufbt

vulnerability_id VCID-71pc-96mg-ufbt

summary multiple issues

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_id

reference_type

scores

value	0.02142
scoring_system	epss
scoring_elements	0.84531
published_at	2026-06-04T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84555
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:P

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-88.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330
reference_id	1480330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1480330

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709
reference_id	871709
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871709

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000115

reference_url

reference_id

CVE-2017-1000115

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000115

reference_url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr
reference_id	GHSA-hvr9-wr9p-grgr
reference_type
scores
url	https://github.com/advisories/GHSA-hvr9-wr9p-grgr

fixed_packages

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

url pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

purl pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.0-1%252Bdeb9u1

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2017-1000115, GHSA-hvr9-wr9p-grgr, PYSEC-2017-88

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71pc-96mg-ufbt

url VCID-b7rg-cd13-aygs

vulnerability_id VCID-b7rg-cd13-aygs

summary cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17983.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62585
published_at	2026-06-05T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6254
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-91.yaml

reference_url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556
reference_id	1637556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1637556

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_id

CVE-2018-17983

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17983

reference_url	https://github.com/advisories/GHSA-p575-cf9h-wv42
reference_id	GHSA-p575-cf9h-wv42
reference_type
scores
url	https://github.com/advisories/GHSA-p575-cf9h-wv42

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2018-17983, GHSA-p575-cf9h-wv42, PYSEC-2018-91

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7rg-cd13-aygs

url VCID-dybb-af3z-zbce

vulnerability_id VCID-dybb-af3z-zbce

summary Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3068.json

reference_url

reference_id

reference_type

scores

value	0.05001
scoring_system	epss
scoring_elements	0.89884
published_at	2026-06-04T12:55:00Z

value	0.05001
scoring_system	epss
scoring_elements	0.89899
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-26.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/34d43cb85de8

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/34d43cb85de8

reference_url

https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228003737/http://www.securityfocus.com/bid/85733

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

reference_url	http://www.securityfocus.com/bid/85733
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85733

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1319768
reference_id	1319768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1319768

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3068

reference_id

CVE-2016-3068

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3068

reference_url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m
reference_id	GHSA-j7c2-rqm3-c97m
reference_type
scores
url	https://github.com/advisories/GHSA-j7c2-rqm3-c97m

reference_url	https://access.redhat.com/errata/RHSA-2016:0706
reference_id	RHSA-2016:0706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0706

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3068, GHSA-j7c2-rqm3-c97m, PYSEC-2016-26

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dybb-af3z-zbce

url VCID-h8ah-p1pj-3bc3

vulnerability_id VCID-h8ah-p1pj-3bc3

summary The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13348.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13348

reference_id

reference_type

scores

value	0.00662
scoring_system	epss
scoring_elements	0.71589
published_at	2026-06-05T12:55:00Z

value	0.00662
scoring_system	epss
scoring_elements	0.71545
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13348

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1594083
reference_id	1594083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1594083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050
reference_id	901050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901050

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-13348

reference_id

CVE-2018-13348

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-13348

reference_url

https://github.com/advisories/GHSA-3v62-ww8w-758m

reference_id

GHSA-3v62-ww8w-758m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3v62-ww8w-758m

fixed_packages

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2018-13348, GHSA-3v62-ww8w-758m, PYSEC-2018-90

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8ah-p1pj-3bc3

url VCID-knzd-ju2a-hbe5

vulnerability_id VCID-knzd-ju2a-hbe5

summary The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00082.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_id

reference_type

scores

value	0.0118
scoring_system	epss
scoring_elements	0.79092
published_at	2026-06-04T12:55:00Z

value	0.0118
scoring_system	epss
scoring_elements	0.79119
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-28.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3105

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3105

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/hg/rev/a56296f55a5e

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/hg/rev/a56296f55a5e

reference_url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228012056/http://www.securityfocus.com/bid/90536

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29

reference_url

http://www.debian.org/security/2016/dsa-3570

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3570

reference_url	http://www.securityfocus.com/bid/90536
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90536

reference_url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945
reference_id	1332945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1332945

reference_url	https://github.com/advisories/GHSA-49cw-434h-qc57
reference_id	GHSA-49cw-434h-qc57
reference_type
scores
url	https://github.com/advisories/GHSA-49cw-434h-qc57

fixed_packages

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

url pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

purl pkg:deb/debian/mercurial@3.9.1-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.9.1-1~bpo8%252B1

aliases CVE-2016-3105, GHSA-49cw-434h-qc57, PYSEC-2016-28

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knzd-ju2a-hbe5

url VCID-n9rd-9dpp-t3cc

vulnerability_id VCID-n9rd-9dpp-t3cc

summary The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3630.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_id

reference_type

scores

value	0.05192
scoring_system	epss
scoring_elements	0.90106
published_at	2026-06-05T12:55:00Z

value	0.05192
scoring_system	epss
scoring_elements	0.9009
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3630

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3630

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2016-29.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf

reference_url

https://selenic.com/repo/hg-stable/rev/b9714d958e89

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://selenic.com/repo/hg-stable/rev/b9714d958e89

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1322264
reference_id	1322264
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1322264

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504
reference_id	819504
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819504

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3630

reference_id

CVE-2016-3630

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3630

reference_url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7
reference_id	GHSA-9vjf-jjcq-3gh7
reference_type
scores
url	https://github.com/advisories/GHSA-9vjf-jjcq-3gh7

fixed_packages

url pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

purl pkg:deb/debian/mercurial@2.2.2-4%2Bdeb7u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-16q8-up17-hkd7

vulnerability	VCID-2996-7bgv-eqdv

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-dybb-af3z-zbce

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-n9rd-9dpp-t3cc

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@2.2.2-4%252Bdeb7u2

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

aliases CVE-2016-3630, GHSA-9vjf-jjcq-3gh7, PYSEC-2016-29

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9rd-9dpp-t3cc

url VCID-tsye-4m91-6ba1

vulnerability_id VCID-tsye-4m91-6ba1

summary A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_id

reference_type

scores

value	0.00541
scoring_system	epss
scoring_elements	0.68047
published_at	2026-06-05T12:55:00Z

value	0.00541
scoring_system	epss
scoring_elements	0.68008
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3902

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3902

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2019-188.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00024.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

reference_url

https://usn.ubuntu.com/4086-1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4086-1

reference_url	https://usn.ubuntu.com/4086-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4086-1/

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025
reference_id	1696025
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696025

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674
reference_id	927674
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927674

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_id

CVE-2019-3902

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3902

reference_url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_id

GHSA-mq66-vcfc-8246

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mq66-vcfc-8246

reference_url	https://usn.ubuntu.com/5102-1/
reference_id	USN-5102-1
reference_type
scores
url	https://usn.ubuntu.com/5102-1/

reference_url	https://usn.ubuntu.com/USN-5102-2/
reference_id	USN-USN-5102-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5102-2/

fixed_packages

url	pkg:deb/debian/mercurial@5.6.1-4
purl	pkg:deb/debian/mercurial@5.6.1-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@5.6.1-4

aliases CVE-2019-3902, GHSA-mq66-vcfc-8246, PYSEC-2019-188

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsye-4m91-6ba1

url VCID-utkv-unr7-c3dq

vulnerability_id VCID-utkv-unr7-c3dq

summary multiple issues

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000116.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_id

reference_type

scores

value	0.04585
scoring_system	epss
scoring_elements	0.8941
published_at	2026-06-04T12:55:00Z

value	0.04585
scoring_system	epss
scoring_elements	0.89428
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-89.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227155758/http://www.securityfocus.com/bid/100290

reference_url

https://wiki.mercurial-scm.org/WhatsNew/Archive

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://wiki.mercurial-scm.org/WhatsNew/Archive

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.securityfocus.com/bid/100290
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915
reference_id	1479915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1479915

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710
reference_id	871710
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871710

reference_url	https://security.archlinux.org/ASA-201708-7
reference_id	ASA-201708-7
reference_type
scores
url	https://security.archlinux.org/ASA-201708-7

reference_url

reference_id

AVG-378

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000116

reference_url

reference_id

CVE-2017-1000116

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000116

reference_url

https://github.com/advisories/GHSA-3qmg-c9vc-r47j

reference_id

GHSA-3qmg-c9vc-r47j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3qmg-c9vc-r47j

fixed_packages

url pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

purl pkg:deb/debian/mercurial@3.1.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-knzd-ju2a-hbe5

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%252Bdeb8u4

url pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

purl pkg:deb/debian/mercurial@4.0-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-71pc-96mg-ufbt

vulnerability	VCID-b7rg-cd13-aygs

vulnerability	VCID-h8ah-p1pj-3bc3

vulnerability	VCID-tsye-4m91-6ba1

vulnerability	VCID-utkv-unr7-c3dq

vulnerability	VCID-zcq8-8axd-q3eg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.0-1%252Bdeb9u1

url pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

purl pkg:deb/debian/mercurial@4.8.2-1%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tsye-4m91-6ba1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@4.8.2-1%252Bdeb10u1

aliases CVE-2017-1000116, GHSA-3qmg-c9vc-r47j, PYSEC-2017-89

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utkv-unr7-c3dq

url VCID-zcq8-8axd-q3eg

vulnerability_id VCID-zcq8-8axd-q3eg

summary In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

references

reference_url

https://access.redhat.com/errata/RHSA-2017:1576

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1576

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9462.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9462

reference_id

reference_type

scores

value	0.48699
scoring_system	epss
scoring_elements	0.97811
published_at	2026-06-04T12:55:00Z

value	0.48699
scoring_system	epss
scoring_elements	0.97814
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9462

reference_url

https://bugs.debian.org/861243

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.debian.org/861243

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9462
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9462

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:C/I:C/A:C

value	9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-ghjx-3jg5-h6r2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-ghjx-3jg5-h6r2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2017-91.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227162318/http://www.securityfocus.com/bid/99123

reference_url

https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499

reference_url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url