175 matches found
CVE-2018-13397
Sourcetree for Windows (versions 0.5.1.0 up to, but not including, 3.0.0) is vulnerable to an argument injection flaw in Git subrepositories within Mercurial repositories. An attacker with commit access to a linked Mercurial repo can exploit this to gain code execution on the host. Affected macOS...
Sourcetree Git Arbitrary Code Execution Vulnerability
An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version...
Atlassian SourceTree 1.0b2 < 2.7.6 Remote Code Execution Vulnerabilities (Mac OSX)
The version of Atlassian SourceTree installed on the remote host is a version 1.0b2 prior to 2.7.6 on Mac OSX. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. C...
SourceTree by Atlassian Detection on Mac OSX
Binary data atlassiansourcetreedetectmacosx.nbin...
Atlassian SourceTree 0.5.1.0 < 2.6.9 Remote Code Execution Vulnerabilities
The version of Atlassian SourceTree installed on the remote host is a version 0.5.1.0 prior to 2.6.9 . It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. C Tenable...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...
Atlassian Sourcetree for macOS Parameter Injection Vulnerability
Atlassian Sourcetree for macOS is a free Git and Mercurial client tool from Atlassian Australia for the macOS platform that manages repositories using a visual interface. A parameter injection vulnerability exists in versions 1.0b2 through 2.7.6 excluding version 2.7.6 of Sourcetree for macOS. An...
Atlassian Sourcetree for Windows Parameter Injection Vulnerability
Atlassian Sourcetree for Windows is a free Windows-based Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A parameter injection vulnerability exists in Sourcetree for Windows. The vulnerability can be exploited by an attacker to execute co...
Sourcetree Remote Code Execution Exploit
Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected. Sourcetree Remote Code Execution Exploit CVE ID: CVE-2018-11235. CVE-2018-13385...
CVE-2018-13386
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...
CVE-2018-13385
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree...
Design/Logic Flaw
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree...
CVE-2018-13386
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...
Design/Logic Flaw
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...
CVE-2018-13385
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree...
CVE-2018-13386
CVE-2018-13386 affects Sourcetree for Windows. The vulnerability is an argument injection via filenames in Mercurial repositories, exploitable by a user who can commit to a linked Mercurial repo, to gain code execution on the system. Affected versions are Sourcetree for Windows prior to 2.6.9. Re...
CVE-2018-13385
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree...
CVE-2018-13385
Sourcetree for macOS is affected in versions 1.0b2 through before 2.7.6 by an argument injection vulnerability via filenames in Mercurial repositories. An attacker who can commit to a linked Mercurial repo can exploit this to gain code execution on the host. Root cause: unsafe handling of reposit...
CVE-2018-13386
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of...