Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.