Skip to content

Commit 3e6427c

Browse files
tonytony
committed
docs(CHANGES): Detail CVE-2022-21187 for 0.11.1
1 parent 9f9626b commit 3e6427c

File tree

1 file changed

+7
-3
lines changed

1 file changed

+7
-3
lines changed

CHANGES

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,15 @@
66

77
## libvcs 0.11.1 (2022-03-12)
88

9-
### Potential command injection via mercurial URLs
9+
### CVE-2022-21187: Command Injection with mercurial repositories
1010

1111
- By setting a mercurial URL with an alias it is possible to execute arbitrary shell commands via
12-
`.obtain()` or in the case of uncloned destinations, `.update_repo()`. (#306, credit: Alessio
13-
Della Libera)
12+
`.obtain()` or in the case of uncloned destinations, `.update_repo()`.
13+
([#306](https://github.com/vcs-python/libvcs/pull/306), credit: Alessio Della Libera)
14+
15+
See also: [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21187),
16+
[nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2022-21187),
17+
[snyk](https://security.snyk.io/vuln/SNYK-PYTHON-LIBVCS-2421204).
1418

1519
### Development
1620

0 commit comments

Comments
 (0)