CVE-2016-3069
Description
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
Related CPE's
References
Third Party Advisory
Issue TrackingPatch
Third Party Advisory
Issue TrackingPatch
Issue TrackingPatch
Third Party Advisory
Issue TrackingPatch
Vendor Advisory
Third Party Advisory
Third Party Advisory
Issue TrackingPatch
Third Party Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | HIGH |
ConfidentialityImpact | HIGH |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | NONE |
BaseScore | 8.8 |
VectorString | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Version | 3.0 |
UserInteraction | REQUIRED |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:P/I:P/A:P |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 6.800000190734863 |