« List of all CVEs

CVE-2010-4237

Published: 10/29/2019 Last updated: 8/7/2024 Reserved: 11/15/2010

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

CNA assigner: canonical (cc1ad9ee-3454-478d-9317-d3e869d708bc) Requested by: n/a

Opam packages affected (1)

conf-hg

Products affected (1)

Product Vendor Version
mercurial mercurial < 36670b67de18f1e5d34900c5d2ac60a8970c293c

References (16)