CVE-2018-1000132: Mercurial Incorrect Access Control vulnerability
9.1
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
mercurial | pip | < 4.5.1 | 4.5.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information and references describe an Incorrect Access Control vulnerability in Mercurial's protocol server (CVE-2018-1000132) fixed in version 4.5.1. However, the GitHub patch details are explicitly shown as empty ({}) in the provided data, and none of the other sources (NVD, Debian/RH advisories, Mercurial release notes) include actual code changes or specific function references. While the vulnerability likely involved HTTP
protocol handling in the hgweb
module, there is insufficient evidence in the provided materials to identify exact function names, file paths, or patch line changes required by the analysis guidelines. Without concrete patch evidence showing modified functions, we cannot confidently specify vulnerable functions meeting the required precision for runtime detection signatures.