CVE-2018-20234
published 2019-03-08CVE-2018-20234: There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | sourcetree | >= 1.2.0 < 3.1.1 | 3.1.1 |
| atlassian | sourcetree_for_macos | >= 1.2 < unspecified | unspecified |
| atlassian | sourcetree_for_macos | >= unspecified < 3.1.1 | 3.1.1 |