[SRCTREE-4738] Command Injection (CVE-2017-8768)

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.5.1
Affects Version/s: 1.4.0
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.

Affected versions:

Versions of SourceTree for Mac starting with 1.4.0 before version 2.5.1 are affected by this vulnerability.

Fix:

Upgrade SourceTree for Mac to version 2.5.1 or higher from https://www.sourcetreeapp.com/

Acknowledgements
We would like to credit Yu Hong for reporting this issue to us.

For additional details see the full advisory.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

Screen Shot 2017-05-11 at 6.21.24 PM.png
521 kB
12/May/2017 1:22 AM

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: alexmin (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 12 Start watching this issue

Created:: 08/May/2017 5:13 AM

Updated:: 06/Oct/2019 11:15 AM

Resolved:: 09/May/2017 5:50 AM

Sourcetree For Mac

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates