{
  "threat_severity" : "Important",
  "public_date" : "2017-08-10T00:00:00Z",
  "bugzilla" : {
    "description" : "mercurial: command injection on clients through malicious ssh URLs",
    "id" : "1479915",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1479915"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.", "A shell command injection flaw related to the handling of \"ssh\" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a \"checkout\" or \"update\" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit." ],
  "acknowledgement" : "Red Hat would like to thank the Subversion Team for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-17T00:00:00Z",
    "advisory" : "RHSA-2017:2489",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "mercurial-0:2.6.2-8.el7_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "mercurial",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-1000116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000116\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29" ],
  "name" : "CVE-2017-1000116",
  "csaw" : false
}