CVE-2019-3902

Summary

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

Affected Software

VendorProductVersion RangeStatus
The Mercurial Projectmercurialbefore 4.9affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

References