Uploaded image for project: 'SourceTree For Mac'
  1. SourceTree For Mac
  2. SRCTREE-4904

Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

    XMLWordPrintable

    Details

    • Last commented by user?:
      true
    • Symptom Severity:
      Critical

      Description

      SourceTree for macOS is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 1.4.0 of SourceTree for macOS this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler.

      Affected versions:

      • Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability.

      Fix:

      For additional details see the full advisory.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mhart@atlassian.com Matthew Hart
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Last commented:
                  1 year, 12 weeks, 1 day ago