Commit 51bcdda

docs(CHANGES): Detail CVE-2022-21187 for 0.11.1
1 parent 9f9626b commit 51bcdda

1 file changed

+7
-1
lines changed

CHANGES

Lines changed: 7 additions & 1 deletion
@@ -6,12 +6,18 @@
66

77
## libvcs 0.11.1 (2022-03-12)
88

9-
### Potential command injection via mercurial URLs
9+
### CVE-2022-21187: Command Injection with mercurial repositories
1010

1111
- By setting a mercurial URL with an alias it is possible to execute arbitrary shell commands via
1212
`.obtain()` or in the case of uncloned destinations, `.update_repo()`. (#306, credit: Alessio
1313
Della Libera)
1414

15+
See also:
16+
17+
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21187,
18+
https://nvd.nist.gov/vuln/detail/CVE-2022-21187
19+
- https://security.snyk.io/vuln/SNYK-PYTHON-LIBVCS-2421204
20+
1521
### Development
1622

1723
- Run pyupgrade formatting (#305)
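
Review bot: In the added "See also" list (new lines 17-18), the first bullet carries two URLs joined by a trailing comma and wrapped onto a continuation line, while the Snyk link gets a bullet of its own. Give the MITRE and NVD links one bullet each so every reference is a clean standalone link and the comma cannot be picked up when the URL is copied. The entry text at new lines 11-13 also reads in the present tense ("it is possible to execute arbitrary shell commands") and never states that 0.11.1 contains the fix or which releases are affected; a sentence saying so, with the upgrade target, would let a reader triaging CVE-2022-21187 act from the changelog alone. Minor: "mercurial" in the new heading is a product name and would normally be capitalized.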
