3 matches found
CVE-2018-13397
Sourcetree for Windows (versions 0.5.1.0 up to, but not including, 3.0.0) is vulnerable to an argument injection flaw in Git subrepositories within Mercurial repositories. An attacker with commit access to a linked Mercurial repo can exploit this to gain code execution on the host. Affected macOS...
Sourcetree Git Arbitrary Code Execution Vulnerability
An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version...
Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to ga...