{
  "threat_severity" : "Moderate",
  "public_date" : "2008-08-13T00:00:00Z",
  "bugzilla" : {
    "description" : "mercurial: missing allowpull permission check in hgweb",
    "id" : "464631",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=464631"
  },
  "details" : [ "Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an \"hg pull\" request." ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2008-4297\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-4297" ],
  "name" : "CVE-2008-4297",
  "csaw" : false
}