Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.0.20.1
Affects Version/s: 0.8.4b
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

Description

SourceTree for Windows is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.

Affected versions:

Versions of SourceTree for Windows starting with 0.8.4b before version 2.0.20.1 are affected by this vulnerability.

Fix:

Upgrade SourceTree for Windows to version 2.0.20.1 or higher from https://www.sourcetreeapp.com/

Acknowledgements
We would like to credit Yu Hong for reporting this issue to us.

For additional details see the full advisory.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

image-2017-05-11-13-35-04-810.png
12 kB
11/May/2017 11:35 AM
image-2017-05-11-13-35-57-752.png
38 kB
11/May/2017 11:35 AM
SourceTree.png
38 kB
11/May/2017 9:40 PM

Activity

People

Assignee:: Unassigned

Reporter:: alexmin (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 08/May/2017 5:05 AM

Updated:: 06/Oct/2019 11:15 AM

Resolved:: 09/May/2017 5:49 AM