Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
{ "binaries": [ { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial" }, { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial-common" } ], "availability": "No subscription required" }