PT-2018-11786 · Atlassian · Sourcetree
Publicado
2018-07-24
·
Atualizado
2020-05-11
·
CVE-2018-13385
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcetree for macOS versions 1.0b2 through 2.7.6
Description
The issue is related to an argument injection vulnerability in Sourcetree for macOS, specifically via filenames in Mercurial repositories. An attacker who has permission to commit to a linked Mercurial repository can exploit this to gain code execution on the system.
Recommendations
For versions 1.0b2 through 2.7.6, update to version 2.7.6 or later to resolve the issue.
Correção
Argument Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sourcetree