It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902)
It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code. (CVE-2018-17983)
{ "binaries": [ { "binary_name": "mercurial", "binary_version": "4.5.3-1ubuntu2.2" }, { "binary_name": "mercurial-common", "binary_version": "4.5.3-1ubuntu2.2" }, { "binary_name": "mercurial-dbgsym", "binary_version": "4.5.3-1ubuntu2.2" } ], "availability": "No subscription required" }