CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mercurial | pip | < 4.3 | 4.3 |
The vulnerability stems from improper sanitization of hostnames in SSH URLs. The `_make_ssh_cmd` function builds the SSH connection command. Before version 4.3, this function likely concatenated the raw hostname into the command string without shell escaping. The security advisories explicitly mention SSH command injection through malicious hostnames, and standard secure-coding practice calls for shell-quoting the hostname parameter (e.g. via `util.shellquote()`), which is the fix implemented in the patched version 4.3.
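As an added illustration of the bug class the advisory describes (constructed example code, not Mercurial's `_make_ssh_cmd` or `util.shellquote()`): `build_ssh_cmd_unquoted` reproduces the pre-4.3 pattern of interpolating the raw hostname into a shell string, `build_ssh_cmd_quoted` applies the shell quoting the fix added, and `shell_words` tokenises each command line the way a POSIX shell would, so the effect of quoting on a hostname containing a shell metacharacter is visible. The hostname allowlist check (`is_valid_hostname`) is an additional defence-in-depth measure assumed here, not part of the upstream fix. The tokeniser relies on `shlex` punctuation handling from Python 3.8+.

```python
"""Shell-quoting of an SSH hostname: the unsafe and the hardened pattern.

Constructed for this advisory page; function names are not Mercurial's.
"""
import re
import shlex

# Characters that shlex treats as shell control operators (';', '|', '&', ...).
_OPERATOR_CHARS = set("();<>|&")

# Conservative hostname allowlist: labels of letters, digits and inner
# hyphens, joined by dots. Assumed defence-in-depth check, not the fix itself.
_HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


def build_ssh_cmd_unquoted(sshcmd, host, remotecmd):
    """Pre-4.3 pattern: the hostname is interpolated raw into a shell string.

    Only the remote command is quoted; the hostname is trusted as-is.
    """
    return "%s %s %s" % (sshcmd, host, shlex.quote(remotecmd))


def build_ssh_cmd_quoted(sshcmd, host, remotecmd):
    """Patched pattern: the hostname is shell-quoted like every other argument.

    shlex.quote() plays the role of util.shellquote() in the advisory text.
    """
    return "%s %s %s" % (sshcmd, shlex.quote(host), shlex.quote(remotecmd))


def shell_words(cmdline):
    """Tokenise a command line the way a POSIX shell would.

    Control operators such as ';' or '|' come back as their own tokens, so a
    hostname that breaks out of its argument is easy to spot.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # Python 3.8+: compatible with punctuation_chars
    return list(lexer)


def has_shell_operator(cmdline):
    """True if the tokenised command line contains a shell control operator."""
    return any(tok and set(tok) <= _OPERATOR_CHARS for tok in shell_words(cmdline))


def is_valid_hostname(host):
    """Allowlist check: accept only syntactically plausible DNS hostnames."""
    return len(host) <= 253 and _HOSTNAME_RE.match(host) is not None


if __name__ == "__main__":
    # Constructed sample input: one benign hostname, one carrying a metacharacter.
    for host in ("hg.example.org", "host;true"):
        for builder in (build_ssh_cmd_unquoted, build_ssh_cmd_quoted):
            cmd = builder("ssh", host, "hg -R repo serve --stdio")
            print("%-22s %-40r operator=%s" % (
                builder.__name__, cmd, has_shell_operator(cmd)))
        print("is_valid_hostname(%r) = %s" % (host, is_valid_hostname(host)))
```

The point the tokeniser makes is the one in the advisory: with the hostname quoted, a metacharacter inside it stays part of a single argument handed to `ssh`, whereas the unquoted build lets the shell see it as a command separator. Quoting is the fix; the allowlist check is an independent layer that rejects such input before any command is built.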