{"id":"CVE-2017-9462","details":"In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.","aliases":["GHSA-ghjx-3jg5-h6r2","PYSEC-2017-91"],"modified":"2026-03-12T22:41:26.548400Z","published":"2017-06-06T21:29:00.393Z","related":["MGASA-2017-0182","SUSE-SU-2017:1558-1","SUSE-SU-2017:1606-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-18"},{"type":"ADVISORY","url":"https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499"},{"type":"ADVISORY","url":"https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3963"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99123"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1576"},{"type":"FIX","url":"https://bugs.debian.org/861243"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9462.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}