PT-2018-11786 · Atlassian · Sourcetree
Published 2018-07-24 · Updated 2020-05-11
CVE-2018-13385
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sourcetree for macOS versions 1.0b2 through 2.7.6
Description
Sourcetree for macOS contains an argument injection vulnerability that is triggered via filenames in Mercurial repositories. An attacker who has permission to commit to a linked Mercurial repository can exploit this to gain code execution on the system.
Recommendations
For versions 1.0b2 through 2.7.6, update to version 2.7.6 or later to resolve the issue.
Fix
Argument Injection
Affected Products
Sourcetree