There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/SRCTREEWIN-8884 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2018-07-24T13:00:00Z
Updated: 2024-09-16T23:56:52.701Z
Reserved: 2018-07-06T00:00:00
Link: CVE-2018-13386
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-24T13:29:00.557
Modified: 2024-11-21T03:47:00.193
Link: CVE-2018-13386
Redhat
No data.