Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.4.3-beta
Affects Version/s: 3.4.2
Component/s: Git
Labels:

CVSS Score:
9.1
Symptom Severity:
Severity 1 - Critical

Description

There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. This is the result of an incomplete fix for CVE-2020-27955

Affected versions:

Version 3.4.2 and earlier

Fix

You can download the latest version of the standard installer or the enterprise installer.

For additional details, see the full advisory

Attachments

Issue Links

is cloned from

SRCTREEWIN-13410 RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Mitchell Johnson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Feb/2021 5:00 PM

Updated:: 13/Dec/2023 5:37 PM

Resolved:: 26/Feb/2021 5:01 PM