CVE-2017-8768
published 2017-05-04CVE-2017-8768: Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | sourcetree | <= 2.5c | — |