PT-2018-5685 · Mozilla+2 · Mercurial+2

Zhang Tianqi

·

Published

2018-01-26

·

Updated

2019-10-03

·

CVE-2017-14593

CVSS v2.0

9.0

High

Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Sourcetree for Windows, versions 0.5.1.0 up to but not including 2.4.7.0
Description: The issue lies in how Sourcetree for Windows handles Mercurial and Git repositories. An attacker with commit permission to a repository linked in Sourcetree can exploit argument and command injection bugs in that handling and gain code execution on the user's system. In versions from 0.8.4b onward the bug is also reachable through the Sourcetree URI handler, so the attack can additionally be launched from a crafted web page.
Recommendations: Update to Sourcetree for Windows 2.4.7.0 or later; that release resolves the issue. Until the update can be applied, restrict or unregister the Sourcetree URI handler and limit who holds commit permission on repositories linked in Sourcetree.
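The defect class named above, argument injection, is easiest to see in code. The following is an added example written for this page; it is not Sourcetree's code and does not reproduce the specific Sourcetree bug. It shows the general pattern in which a value taken from a URI handler or a repository (a clone URL, a destination path) is placed on a git or hg command line unvalidated, so a value beginning with "-" is parsed by the VCS binary as an option (for example "--upload-pack=<program>" for git, or a host of the form "-oProxyCommand=..." that reaches ssh beneath it). The URL policy in validate_clone_url is a constructed illustration, not what any product enforces; the argv lists are built but never executed.

```python
import re
from urllib.parse import urlsplit

# Added example, not Sourcetree's code. The allowed-URL policy below is a
# constructed illustration of a validation step, not a product's actual rule.
ALLOWED_SCHEMES = {"http", "https", "ssh", "git"}
# scp-like form user@host:path; host must not begin with '-'.
SCP_LIKE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*@[A-Za-z0-9][A-Za-z0-9.-]*:[^\s]+$")


def naive_clone_argv(url, dest):
    """Vulnerable shape: whatever arrived from the URI handler goes onto argv.
    A url such as '--upload-pack=<program>' is parsed by git as an option,
    and git would run that program instead of cloning."""
    return ["git", "clone", url, dest]


def naive_hg_clone_argv(url, dest):
    """The same defect for Mercurial: a value like '--config alias.clone=!<cmd>'
    is read as an option when it precedes the positional arguments."""
    return ["hg", "clone", url, dest]


def validate_clone_url(url):
    """Return url if it is a plausible repository location, otherwise raise
    ValueError. Rejects anything that git, hg or ssh would read as an option."""
    if not url or url.startswith("-"):
        raise ValueError("argument injection: value would be parsed as an option")
    if SCP_LIKE.match(url):
        return url
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("unsupported or malformed clone URL: %r" % (url,))
    # ssh://-oProxyCommand=...: here the host itself would become an ssh option.
    if parts.netloc.startswith("-"):
        raise ValueError("host must not start with '-'")
    return url


def safe_clone_argv(vcs, url, dest):
    """Hardened shape: validate the operands, then end option parsing with '--'
    so that even a value that slipped through is treated as positional.
    Both git and hg honour '--' as the end-of-options marker."""
    if vcs not in ("git", "hg"):
        raise ValueError("unknown vcs: %r" % (vcs,))
    url = validate_clone_url(url)
    if not dest or dest.startswith("-"):
        raise ValueError("destination would be parsed as an option")
    return [vcs, "clone", "--", url, dest]


def option_smuggled(argv):
    """Review helper: True when an operand that should be positional would be
    parsed as an option, i.e. it starts with '-' and no '--' precedes it."""
    past_options = False
    for arg in argv[2:]:
        if arg == "--":
            past_options = True
        elif arg.startswith("-") and not past_options:
            return True
    return False


def is_rejected(url):
    """True when validate_clone_url refuses the url."""
    try:
        validate_clone_url(url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a benign clone URL and two option-shaped values.
    print(naive_clone_argv("--upload-pack=calc.exe", "repo"))
    print(option_smuggled(naive_clone_argv("--upload-pack=calc.exe", "repo")))
    print(safe_clone_argv("git", "https://example.com/org/repo.git", "repo"))
    print(is_rejected("ssh://-oProxyCommand=calc.exe/repo"))
```

The two checks complement each other: validation refuses operands that are not repository locations at all, and the "--" separator guarantees that the VCS parses the remaining operands as operands even if validation has a gap. Validation alone is brittle because git, hg and ssh each have their own option syntax; "--" alone does not help against values that are legitimate URLs but carry an option-shaped host to ssh.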

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2017-14593

Affected Products

Git
Mercurial
Sourcetree For Windows