CVE-2018-13396

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
References
Link Resource
https://jira.atlassian.com/browse/SRCTREE-5985 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta2:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta3:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta4:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:beta5:*:*:*:macos:*:*
cpe:2.3:a:atlassian:sourcetree:1.0:rc1:*:*:*:macos:*:*

History

No history.

Information

Published : 2018-11-05 22:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-13396

Mitre link : CVE-2018-13396

CVE.ORG link : CVE-2018-13396


JSON object : View

Products Affected

atlassian

  • sourcetree