CVE-2018-20236
published 2019-03-08CVE-2018-20236: There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | sourcetree | >= 0.5a < 3.0.10 | 3.0.10 |
| atlassian | sourcetree_for_windows | >= 0.5a < unspecified | unspecified |
| atlassian | sourcetree_for_windows | >= unspecified < 3.0.10 | 3.0.10 |