Homec4science
Diffusion Phabricator 80b8dc521d14

Fix Mercurial command injection vulnerability
80b8dc521d14
Actions

Authored by epriestley <git@epriestley.com> on Mar 20 2015, 17:26.

Description

Fix Mercurial command injection vulnerability

Summary: See http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html.

Test Plan: Crafted bad remote URL; got error instead of code execution.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12112

Details

Committed
epriestley <git@epriestley.com>Mar 20 2015, 17:26
Pushed
aubortJan 31 2017, 17:16
Parents
rPHb7fa55ff9396: Fix improper selection of the chunk engine as a writable engine
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH80b8dc521d14: Fix Mercurial command injection vulnerability (authored by epriestley <git@epriestley.com>).Mar 20 2015, 17:26

Changes (4)

Path
Msrc/__phutil_library_map__.php
Msrc/applications/config/check/PhabricatorBinariesSetupCheck.php
Asrc/applications/repository/constants/PhabricatorRepositoryVersion.php
Msrc/applications/repository/engine/PhabricatorRepositoryPullEngine.php

rPH80b8dc521d14

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/config/check/PhabricatorBinariesSetupCheck.php

Loading...
View Options

src/applications/repository/constants/PhabricatorRepositoryVersion.php

Loading...
View Options

src/applications/repository/engine/PhabricatorRepositoryPullEngine.php

Loading...
c4science ยท Help