Uploaded image for project: 'Sourcetree for Windows'
  1. Sourcetree for Windows
  2. SRCTREEWIN-9077

Remote Code Execution in Sourcetree for Windows, via Mercurial repo with Git subrepo - CVE-2018-13397

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 1 - Critical

      Description

      There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.

       

      For additional details, see the full advisory

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: