[SRCTREEWIN-7161] Command Injection (CVE-2017-8768)

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.0.20.1
Affects Version/s: 0.8.4b
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

SourceTree for Windows is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface.

Affected versions:

Versions of SourceTree for Windows starting with 0.8.4b before version 2.0.20.1 are affected by this vulnerability.

Fix:

Upgrade SourceTree for Windows to version 2.0.20.1 or higher from https://www.sourcetreeapp.com/

Acknowledgements
We would like to credit Yu Hong for reporting this issue to us.

For additional details see the full advisory.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

SourceTree.png
38 kB
11/May/2017 9:40 PM
image-2017-05-11-13-35-57-752.png
38 kB
11/May/2017 11:35 AM
image-2017-05-11-13-35-04-810.png
12 kB
11/May/2017 11:35 AM

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: alexmin (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 15 Start watching this issue

Created:: 08/May/2017 5:05 AM

Updated:: 06/Oct/2019 11:15 AM

Resolved:: 09/May/2017 5:49 AM

Sourcetree for Windows

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates