{"url":"http://public2.vulnerablecode.io/api/packages/94811?format=json","purl":"pkg:deb/debian/mercurial@3.1.2-2?distro=trixie","type":"deb","namespace":"debian","name":"mercurial","version":"3.1.2-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.4-1","latest_non_vulnerable_version":"7.2.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176933?format=json","vulnerability_id":"VCID-5nnu-33bm-qyaa","summary":"An attacker could execute arbitrary commands via Git repositories\n    in a case-insensitive or case-normalizing filesystem.","references":[{"reference_url":"http://article.gmane.org/gmane.linux.kernel/1853266","reference_id":"","reference_type":"","scores":[],"url":"http://article.gmane.org/gmane.linux.kernel/1853266"},{"reference_url":"http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html","reference_id":"","reference_type":"","scores":[],"url":"http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html"},{"reference_url":"http://mercurial.selenic.com/wiki/WhatsNew","reference_id":"","reference_type":"","scores":[],"url":"http://mercurial.selenic.com/wiki/WhatsNew"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390"},{"reference_url":"http://securitytracker.com/id?1031404","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1031404"},{"reference_url":"https://github.com/advisories/GHSA-6vvc-c2m3-cjf3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6vvc-c2m3-cjf3"},{"reference_url":"https://github.com/blog/1938-git-client-vulnerability-announced","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/blog/1938-git-client-vulnerability-announced"},{"reference_url":"https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"},{"reference_url":"https://libgit2.org/security/","reference_id":"","reference_type":"","scores":[],"url":"https://libgit2.org/security/"},{"reference_url":"https://news.ycombinator.com/item?id=8769667","reference_id":"","reference_type":"","scores":[],"url":"https://news.ycombinator.com/item?id=8769667"},{"reference_url":"http://support.apple.com/kb/HT204147","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT204147"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640","reference_id":"773640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048","reference_id":"774048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050","reference_id":"774050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774050"},{"reference_url":"https://security.gentoo.org/glsa/201509-06","reference_id":"GLSA-201509-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201509-06"},{"reference_url":"https://security.gentoo.org/glsa/201612-19","reference_id":"GLSA-201612-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94811?format=json","purl":"pkg:deb/debian/mercurial@3.1.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94806?format=json","purl":"pkg:deb/debian/mercurial@5.6.1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@5.6.1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94804?format=json","purl":"pkg:deb/debian/mercurial@6.3.2-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@6.3.2-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94808?format=json","purl":"pkg:deb/debian/mercurial@7.0.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@7.0.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94807?format=json","purl":"pkg:deb/debian/mercurial@7.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@7.2.2-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9390","GHSA-6vvc-c2m3-cjf3","PYSEC-2020-217"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nnu-33bm-qyaa"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mercurial@3.1.2-2%3Fdistro=trixie"}