PT-2018-5684 · Atlassian · Sourcetree
Zhang Tianqi · Published 2018-01-26 · Updated 2020-05-11 · CVE-2017-14592
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Sourcetree for macOS versions 1.0b2 through 2.7.0
Description:
The issue affects the handling of Mercurial and Git repositories in Sourcetree for macOS, allowing an attacker with commit permission to a linked repository to exploit argument and command injection bugs and gain code execution on the system. This can be triggered from a webpage using the Sourcetree URI handler from version 1.4.0 onwards.
Recommendations:
For Sourcetree for macOS versions 1.0b2 through 2.7.0, update to version 2.7.0 or later to resolve the issue.
Fix
Command Injection
Affected Products
Sourcetree