PT-2018-11787 · Mercurial Scm+1 · Mercurial+1

Publicado

2018-07-24

Atualizado

2020-08-24

CVE-2018-13386

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sourcetree for Windows versions prior to 2.6.9

Description The issue allows an attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows to exploit an argument injection vulnerability via filenames in these repositories. This can lead to code execution on the system.

Recommendations For versions prior to 2.6.9, update to version 2.6.9 or later to resolve the issue.

Correção

Argument Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-88

Identificadores relacionados

CVE-2018-13386

Produtos afetados

Mercurial

Sourcetree For Windows

PT-2018-11787 · Mercurial Scm+1 · Mercurial+1

CVE-2018-13386

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3