There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue.
Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability.
For additional details, see the full advisory: https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05