Critical severity9.1NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026
CVE-2018-1000132
CVE-2018-1000132
Description
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mercurialPyPI | < 4.5.1 | 4.5.1 |
Affected products
3- ghsa-coords3 versionspkg:pypi/mercurialpkg:rpm/opensuse/mercurial&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 4.5.1+ 2 more
- (no CPE)range: < 4.5.1
- (no CPE)range: < 5.9.1-2.1
- (no CPE)range: < 2.8.2-15.10.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-4mr4-7vjv-9hm6ghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/03/msg00034.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2018/07/msg00005.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000132ghsaADVISORY
- www.mercurial-scm.org/wiki/WhatsNewnvdRelease NotesVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:2276nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-87.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2020/07/msg00032.htmlnvdWEB
News mentions
0No linked articles in our index yet.