Moderate severity · NVD Advisory · Published Oct 29, 2019 · Updated Aug 7, 2024
CVE-2010-4237
Description
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates, which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mercurial (PyPI) | < 1.6.4 | 1.6.4 |
References
- github.com/advisories/GHSA-7gf7-7wx4-mxmw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2010-4237 (ghsa, ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (ghsa, x_refsource_MISC, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- bz.mercurial-scm.org/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/dscho/hg/commit/4ea63fb25ceeeaaa4cd1026f733b7ea7672c30b3 (ghsa, WEB)
- github.com/dscho/hg/commit/89baabf4fb7abf30ef6fdcf3d455a7893e5cc145 (ghsa, WEB)
- repo.mercurial-scm.org/hg/rev/6ab4a7d3c179 (ghsa, WEB)
- repo.mercurial-scm.org/hg/rev/f2937d6492c5 (ghsa, WEB)
- security-tracker.debian.org/tracker/CVE-2010-4237 (ghsa, x_refsource_MISC, WEB)