• Type: Bug
• Resolution: Fixed
• Priority: Highest
• Fix Version/s: 2.5.1
• Affects Version/s: 1.4.0
• Component/s: None
• Labels:

  • CVE-2017-8768
  • advisory
  • command-injection
  • cvss-high
  • injection
  • security

1. Screen Shot 2017-05-11 at 6.21.24 PM.png

   521 kB

   12/May/2017 1:22 AM

[SRCTREE-4738] Command Injection (CVE-2017-8768)

Alberto T Gomez made changes - 06/Oct/2019 11:15 AM

Link

Original: This issue relates to SRCTREEWIN-7161 [ SRCTREEWIN-7161 ]

Monique Khairuliana (Inactive) made changes - 30/Sep/2019 4:13 AM

Workflow

Original: JAC Bug Workflow v3 [ 3369774 ]

New: SRCTREE JAC Bug Workflow [ 3737013 ]

Monique Khairuliana (Inactive) made changes - 16/Aug/2019 12:59 AM

Workflow	Original: SourceTree Bug Workflow [ 2015638 ]	New: JAC Bug Workflow v3 [ 3369774 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

nma (Inactive) made changes - 23/May/2017 12:18 AM

Labels

Original: CVE-2017-8768 advisory cvss-high security

New: CVE-2017-8768 advisory command-injection cvss-high injection security

Matt Hart (Inactive) made changes - 22/May/2017 12:24 AM

Labels

Original: CVE-2017-8768 advisory cvss-high no-advisory-required security

New: CVE-2017-8768 advisory cvss-high security

Brian Ganninger (Inactive) made changes - 12/May/2017 1:22 AM

Attachment

New: Screen Shot 2017-05-11 at 6.21.24 PM.png [ 281016 ]

David Black made changes - 10/May/2017 10:52 PM

Remote Link

Original: This issue links to "Page (Extranet)" [ 287054 ]

Alek Amrani (Inactive) made changes - 10/May/2017 4:44 PM

Security

Original: Atlassian Staff [ 10750 ]

alexmin (Inactive) made changes - 10/May/2017 7:08 AM

Description

Original: SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Mac starting with 1.4.0 before version 2.5.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Mac to version 2.5.1 or higher from https://www.sourcetreeapp.com/ *Acknowledgements* We would like to credit redrain for reporting this issue to us.   For additional details see [the full advisory|https://confluence.atlassian.com/x/jW2xNQ].

New: SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Mac starting with 1.4.0 before version 2.5.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Mac to version 2.5.1 or higher from https://www.sourcetreeapp.com/ *Acknowledgements* We would like to credit Yu Hong for reporting this issue to us.   For additional details see [the full advisory|https://confluence.atlassian.com/x/jW2xNQ].

David Black made changes - 10/May/2017 6:52 AM

Description

Original: SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Windows starting with 1.4.0 before version 2.5.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Mac to version 2.5.1 or higher from https://www.sourcetreeapp.com/ *Acknowledgements* We would like to credit redrain for reporting this issue to us.   For additional details see [the full advisory|https://confluence.atlassian.com/x/jW2xNQ].

New: SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Mac starting with 1.4.0 before version 2.5.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Mac to version 2.5.1 or higher from https://www.sourcetreeapp.com/ *Acknowledgements* We would like to credit redrain for reporting this issue to us.   For additional details see [the full advisory|https://confluence.atlassian.com/x/jW2xNQ].

Load more older history items