Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
In Mercurial, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.