Vulnerabilities > Mercurial > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-27 | CVE-2008-4297 | Permissions, Privileges, and Access Controls vulnerability in Mercurial Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. | 5.0 |
| 2008-06-30 | CVE-2008-2942 | Path Traversal vulnerability in Mercurial 1.0.1 Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. | 6.8 |