CVE-2017-1000116

ADVISORY - github

Summary

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

EPSS Score⁠: 0.03608 (0.873)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADVISORY - github

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-20⁠

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

8 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2017-1000116⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

9.8critical

GitHub

CREATED

3 years ago

UPDATED

11 months ago

ADVISORY IDGHSA-3qmg-c9vc-r47j⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

9.3critical

Alpine

CREATED

8 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2017-1000116⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

8 years ago

UPDATED

15 days ago

ADVISORY IDCVE-2017-1000116⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

8 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2017-1000116⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

PypA

CREATED

8 years ago

UPDATED

4 years ago

ADVISORY ID

PYSEC-2017-89

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

3 years ago

UPDATED

11 months ago

ADVISORY ID

CVE-2017-1000116

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-78⁠CWE-937⁠

CVSS SCORE

9.8critical

Amazon

CREATED

8 years ago

UPDATED

8 years ago

ADVISORY IDALAS-2017-893⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

8 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2017-1000116⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠

CVSS SCORE

6.3high

Oracle

CREATED

8 years ago

UPDATED

8 years ago

ADVISORY IDELSA-2017-2489⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh