There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sourcetree | Atlassian | 1.0 (including) | 3.0.0 (excluding) |
Sourcetree | Atlassian | 1.0-beta2 (including) | 1.0-beta2 (including) |
Sourcetree | Atlassian | 1.0-beta3 (including) | 1.0-beta3 (including) |
Sourcetree | Atlassian | 1.0-beta4 (including) | 1.0-beta4 (including) |
Sourcetree | Atlassian | 1.0-beta5 (including) | 1.0-beta5 (including) |
Sourcetree | Atlassian | 1.0-rc1 (including) | 1.0-rc1 (including) |