Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phacility Phabricator 安全漏洞
Vulnerability Description
Phacility Phabricator是美国Phacility公司的一套开源的基于Web的软件开发协作工具。该工具支持代码审查、变更监测以及错误跟踪等功能。 Phacility Phabricator 2017-11-10之前的版本中存在安全漏洞,该漏洞源于程序没有阻止发送到Mercurial hg程序的--config和--debugger旗标。远程攻击者可借助web UI利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A