[SRCTREEWIN-7663] Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116) - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.1.10.0
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

SourceTree for Windows is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 0.8.4b of SourceTree for Windows this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler.

Affected versions:

Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.10 are affected by this vulnerability.

Fix:

Upgrade SourceTree for Windows to version 2.1.10 or higher from https://www.sourcetreeapp.com/

For additional details see the full advisory.

relates to

SRCTREE-4904 Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

Closed

Assignee:: Unassigned

Reporter:: Matt Hart (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 31/Jul/2017 12:14 AM

Updated:: 26/Aug/2019 5:13 AM

Resolved:: 31/Jul/2017 12:15 AM

Sourcetree for Windows

Details

Description

Attachments

Issue Links

Forms

Activity

[SRCTREEWIN-7663] Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

People

Dates