Mercurial Custom hg-ssh Wrapper Remote Code Execution

This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don’t adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution. Source: Mercurial Custom hg-ssh Wrapper Remote Code Execution