CVE-2017-1000116: mercurial: command injection on clients through malicious ssh URLs

Severity: Critical

CVSS Score: 9.8

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.