Описание
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0 (включая) до 3.0.0 (исключая)
Одно из
cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta2:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta3:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta4:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta5:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:rc1:*:*:*:macos:*:*
EPSS
Процентиль: 77%
0.01052
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
EPSS
Процентиль: 77%
0.01052
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
NVD-CWE-noinfo