By corbet It turns out that even rather different source-code management systems can
have similar vulnerabilities. This can be seen in the Git v2.14.1,
Mercurial 4.3, and
Subversion 1.9.7 releases (plus updates of
older releases). In each case, it’s possible to provide a malicious
that ends up executing code; these URLs can be buried out
of sight in existing repositories. Updating would be a good idea,
regardless of which system you use.