CVE-2018-20236

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
2.4%
top 15.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Sourcetree FOR WindowsAtlassian Sourcetree
Timeline
PublishedMar 8
Latest updateMay 13

Description

There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5atlassian/sourcetree_for_windows0.5aunspecified+1
NVDatlassian/sourcetree0.5a3.0.10

🔴Vulnerability Details

2
GHSA
GHSA-52v2-8xvg-r55r: There was an command injection vulnerability in Sourcetree for Windows from version 02022-05-13
CVEList
CVE-2018-20236: There was an command injection vulnerability in Sourcetree for Windows from version 02019-03-08
CVE-2018-20236 (HIGH CVSS 8.8) | There was an command injection vuln | cvebase.io