Vulnerability details: VCID-673d-uck5-tbb7
Vulnerability ID VCID-673d-uck5-tbb7
Aliases CVE-2010-4237
GHSA-7gf7-7wx4-mxmw
Summary Mercurial Improper Certificate Validation vulnerability. Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates, which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2010-4237
cvssv3.1 5.9 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
generic_textual MODERATE https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
cvssv3.1 5.9 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237
cvssv3.1 5.9 https://bz.mercurial-scm.org/show_bug.cgi?id=2407
generic_textual MODERATE https://bz.mercurial-scm.org/show_bug.cgi?id=2407
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7gf7-7wx4-mxmw
cvssv3.1 5.9 https://github.com/dscho/hg/commit/4ea63fb25ceeeaaa4cd1026f733b7ea7672c30b3
generic_textual MODERATE https://github.com/dscho/hg/commit/4ea63fb25ceeeaaa4cd1026f733b7ea7672c30b3
cvssv3.1 5.9 https://github.com/dscho/hg/commit/89baabf4fb7abf30ef6fdcf3d455a7893e5cc145
generic_textual MODERATE https://github.com/dscho/hg/commit/89baabf4fb7abf30ef6fdcf3d455a7893e5cc145
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2010-4237
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2010-4237
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-4237
cvssv3.1 5.9 https://repo.mercurial-scm.org/hg/rev/6ab4a7d3c179
generic_textual MODERATE https://repo.mercurial-scm.org/hg/rev/6ab4a7d3c179
cvssv3.1 5.9 https://repo.mercurial-scm.org/hg/rev/f2937d6492c5
generic_textual MODERATE https://repo.mercurial-scm.org/hg/rev/f2937d6492c5
cvssv3.1 5.9 https://security-tracker.debian.org/tracker/CVE-2010-4237
generic_textual MODERATE https://security-tracker.debian.org/tracker/CVE-2010-4237
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bz.mercurial-scm.org/show_bug.cgi?id=2407
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dscho/hg/commit/4ea63fb25ceeeaaa4cd1026f733b7ea7672c30b3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/dscho/hg/commit/89baabf4fb7abf30ef6fdcf3d455a7893e5cc145
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4237
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4237
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://repo.mercurial-scm.org/hg/rev/6ab4a7d3c179
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://repo.mercurial-scm.org/hg/rev/f2937d6492c5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security-tracker.debian.org/tracker/CVE-2010-4237
Exploit Prediction Scoring System (EPSS)
Percentile 0.53877
EPSS Score 0.00307
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:51.532260+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mercurial/CVE-2010-4237.yml 38.0.0