CVE-2018-13396
05.11.2018, 22:29
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.Enginsight
| Vendor | Product | Version |
|---|---|---|
| atlassian | sourcetree | 1.0 ≤ 𝑥 < 3.0.0 |
| atlassian | sourcetree | 1.0:beta2 |
| atlassian | sourcetree | 1.0:beta3 |
| atlassian | sourcetree | 1.0:beta4 |
| atlassian | sourcetree | 1.0:beta5 |
| atlassian | sourcetree | 1.0:rc1 |
𝑥
= Vulnerable software versions