---

CVE-2017-1000116 - log back

CVE-2017-1000116 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary command execution
Description	+ Mercurial < 4.3 was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with -oProxyCommand. This is also present in Git (CVE-2017-1000117) and Subversion (CVE-2017-9800), so please patch those tools as well if you have them installed.
References	+ https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
Notes