Описание
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.5.1.0 (включая) до 3.0.0 (исключая)
cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 76%
0.00954
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
EPSS
Процентиль: 76%
0.00954
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
NVD-CWE-noinfo