Unrated severityNVD Advisory· Published Jan 26, 2018· Updated Sep 17, 2024

CVE-2017-14593

Description

Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability

Affected products

Atlassian/Sourcetree for Windowscpe-rescue
Range: Versions starting with 0.5.1.0 before version 2.4.7.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/102926mitrevdb-entryx_refsource_BID
confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.htmlmitrex_refsource_CONFIRM
jira.atlassian.com/browse/SRCTREEWIN-8256mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000