Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
{ "github_reviewed_at": "2024-05-01T16:53:44Z", "severity": "HIGH", "nvd_published_at": "2016-04-13T16:59:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }