Back to search
CVE-2018-20234
Published: Mar 8, 2019
Modified: Sep 16, 2024
PUBLISHED
Description
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
| Vendor | Product | Versions |
|---|---|---|
Atlassian | Sourcetree for macOS | affected 1.2 - < unspecifiedaffected unspecified - < 3.1.1 |
References
https://jira.atlassian.com/browse/SRCTREE-6391
x_refsource_CONFIRM
107414
vdb-entry
x_refsource_BID
20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now