- Bug
- Resolution: Fixed
- Highest
- 0.8.4b
- None
- Severity 1 - Critical
SourceTree for Windows is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.
Affected versions:
- All versions of SourceTree for Windows from 0.8.4b up to, but not including, version 2.0.20.1 are affected by this vulnerability.
Fix:
- Upgrade SourceTree for Windows to version 2.0.20.1 or higher from https://www.sourcetreeapp.com/
Acknowledgements
We would like to credit Yu Hong for reporting this issue to us.
For additional details see the full advisory.
[SRCTREEWIN-7161] Command Injection (CVE-2017-8768)