PT-2018-5684 · Atlassian · Sourcetree
Zhang Tianqi
·
Publicado
2018-01-26
·
Atualizado
2020-05-11
·
CVE-2017-14592
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Sourcetree for macOS versions 1.0b2 through 2.7.0
Description:
The issue affects the handling of Mercurial and Git repositories in Sourcetree for macOS, allowing an attacker with commit permission to a linked repository to exploit argument and command injection bugs and gain code execution on the system. This can be triggered from a webpage using the Sourcetree URI handler from version 1.4.0 onwards.
Recommendations:
For Sourcetree for macOS versions 1.0b2 through 2.7.0, update to version 2.7.0 or later to resolve the issue.
Correção
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sourcetree