8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3068

GHSA ID

GHSA-j7c2-rqm3-c97m

EPSS Score

0.86932%

CWE

CWE-20

Published

5/14/2022

Updated

9/24/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-3068

CVE-2016-3068:
Mercurial arbitrary code execution via a crafted git ext:: URL

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3068

GHSA ID

GHSA-j7c2-rqm3-c97m

EPSS Score

0.86932%

CWE

CWE-20

Published

5/14/2022

Updated

9/24/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mercurial	pip	< 3.7.3	3.7.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

M*r*uri*l ***or* *.*.* *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** vi* * *r**t** *it *xt:: URL w**n *lonin* * su*r*pository.

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2016-3068: Mercurial arbitrary code execution via a crafted git ext:: URL

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2016-3068:
Mercurial arbitrary code execution via a crafted git ext:: URL

Vulnerability Intelligence
Miggo AI