CVE-2018-20235
published 2019-03-08CVE-2018-20235: There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | sourcetree | >= 0.5a < 3.0.15 | 3.0.15 |
| atlassian | sourcetree_for_windows | >= 0.5a < unspecified | unspecified |
| atlassian | sourcetree_for_windows | >= unspecified < 3.0.15 | 3.0.15 |