Description
7z vulnerability CVE-2022-29072
I don't know if Atlassian is aware of this issue or not, but doing a vulnerability scan with my AV software it detected 7z.exe under
C:\Users\Name\AppData\Local\SourceTree\app-3.4.9\tools
As a potential point of attack. It sighted the 7-Zip vulnerability CVE-2022-29072 as the problem, now i don't know if sourcetree comes packaged with 7-Zip or not but i thought it was worth while raising the issue, not finding anything about it affecting sourcetree elsewhere.
⚠️ New 7-Zip Software Exploit Found! - Here's The Fix - YouTube
Info on the exploit