The vulnerability in the visual Git client SourceTree exists due to the lack of measures taken to neutralize special elements used in the operating system command. This allows a malicious user to execute arbitrary commands.

🗓️ 11 Oct 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SourceTree vulnerability allows command execution due to improper neutralization of link elements.

Reporter	Title	Published	Views	Family All 10
Atlassian	Command Injection (CVE-2017-8768)	8 May 201705:13	–	atlassian
Atlassian	Command Injection (CVE-2017-8768)	8 May 201705:05	–	atlassian
Atlassian	Command Injection (CVE-2017-8768)	8 May 201705:13	–	atlassian
Atlassian	Command Injection (CVE-2017-8768)	8 May 201705:05	–	atlassian
CNVD	Atlassian SourceTree Command Injection Vulnerability	11 May 201700:00	–	cnvd
CVE	CVE-2017-8768	4 May 201722:00	–	cve
Cvelist	CVE-2017-8768	4 May 201722:00	–	cvelist
EUVD	EUVD-2017-17712	7 Oct 202500:30	–	euvd
NVD	CVE-2017-8768	4 May 201722:29	–	nvd
Prion	Command injection	4 May 201722:29	–	prion

Source	Link
openwall	www.openwall.com/lists/oss-security/2017/05/03/5
seclists	www.seclists.org/fulldisclosure/2017/May/10
securityfocus	www.securityfocus.com/bid/98329
youtube	www.youtube.com/watch
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 39.8

CVSS 210

EPSS0.08015

SourceTree arbitrary commands command execution url elements neutralization failure malicious actor vulnerability