Uploaded image for project: 'Sourcetree for Windows'
  1. Sourcetree for Windows
  2. SRCTREEWIN-7663

Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

    XMLWordPrintable

Details

    • Severity 1 - Critical

    Description

      SourceTree for Windows is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 0.8.4b of SourceTree for Windows this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler.

      Affected versions:

      • Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.10 are affected by this vulnerability.

      Fix:

      For additional details see the full advisory.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SRCTREE-4904 Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

          • Highest - Our top priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              mhart@atlassian.com Matt Hart (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: