PT-2018-11787 · Mercurial Scm+1 · Mercurial+1
Published
2018-07-24
·
Updated
2020-08-24
·
CVE-2018-13386
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sourcetree for Windows versions prior to 2.6.9
Description
The issue allows an attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows to exploit an argument injection vulnerability via filenames in these repositories. This can lead to code execution on the system.
Recommendations
For versions prior to 2.6.9, update to version 2.6.9 or later to resolve the issue.
Fix
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mercurial
Sourcetree For Windows