vulnerability

Huawei EulerOS: CVE-2017-1000116: mercurial security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Oct 4, 2017	Nov 30, 2017	Aug 13, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 4, 2017

Added

Nov 30, 2017

Modified

Aug 13, 2025

Description

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.

Solution

huawei-euleros-2_0_sp1-upgrade-mercurial

References

CVE-2017-100011
https://attackerkb.com/topics/CVE-2017-100011
CWE-78
EULEROS-EulerOS-SA-2017-1217

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today