Atlassian SourceTree 1.2 < 3.1.1 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 1.2 prior to 3.1.1. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker can...

Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is version 0.5a prior to 3.0.17. It is, therefore, affected by multiple remote code execution vulnerabilities. - An option injection vulnerability exists in the git submodule component. An unauthenticated, remote attacker ca...

CVE-2018-20236

There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system...

Design/Logic Flaw

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain...

Design/Logic Flaw

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue t...

CVE-2018-20234

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain...

CVE-2018-20235

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue t...

CVE-2018-20234

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain...

Command injection

There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system...

CVE-2018-20235

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue t...

CVE-2018-20236

There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system...

CVE-2018-20235

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue t...

CVE-2018-20234

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain...

CVE-2018-20236

There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system...

CVE-2018-20235

CVE-2018-20235 affects Atlassian SourceTree for Windows via an argument injection vulnerability in the Mercurial repository handling (filenames) that allows a remote attacker with commit access to a linked Mercurial repo to execute code on the system. Affected versions are SourceTree for Windows ...

CVE-2018-20236

CVE-2018-20236 affects Sourcetree for Windows: a URI-handling vulnerability in versions older than 3.0.10 allows unauthenticated remote attackers to supply a malicious URI that yields code execution on the victim’s system. Affected: Sourcetree for Windows before 3.0.10 (0.5a–3.0.9). Remediation: ...

CVE-2018-20234

CVE-2018-20234 affects Atlassian Sourcetree for macOS (versions before 3.1.1). The vulnerability is an argument injection in the Mercurial repository component via filenames, which an attacker with commit access to a linked Mercurial repo can exploit to gain code execution on the system. The conn...

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to able to exploit this issue to gain code execution on the system. h4. Affected...

Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456

There was an input validation vulnerability in Sourcetree for macOS via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for macOS is able to able to exploit this issue to gain code execution on the system. h4. Affected version...