-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Highest
-
Affects Version/s: None
-
Component/s: Mercurial
-
Severity 1 - Critical
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
Affected versions:
- All versions of SourceTree for Windows before version 2.5.5.0
Fix:
- Upgrade SourceTree for Windows to version 2.5.5.0 or higher from https://www.sourcetreeapp.com/
Acknowledgements
Atlassian would like to credit Zhang Tianqi @ Tophant for reporting this issue to us.
For additional details see the full advisory.
- relates to
-
SECENG-1459 Loading...