This Metasploit module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution.
3acc84b6f8e63aa4048c020f1cbb6715f0ebe485e8a5e708cb011992316f75e9