Описание
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.2.0 (включая) до 3.1.1 (исключая)
cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*
EPSS
Процентиль: 88%
0.0415
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-88
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
EPSS
Процентиль: 88%
0.0415
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-88