漏洞标题
N/A
漏洞描述信息
Sourcetree for macOS 在处理Mercurial和Git存储库时存在几个参数和命令注入漏洞。具有提交到Sourcetree for macOS关联的存储库权限的 attacker 能够通过使用Sourcetree URI handler从网页触发此漏洞,从而获得系统代码执行。从Sourcetree for macOS的1.4.0版本开始,此漏洞可以通过使用Sourcetree URI handler从网页触发。在版本2.7.0之前,Sourcetree for macOS的1.0b2版本也受到了此漏洞的影响。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Atlassian Sourcetree for macOS 安全漏洞
漏洞描述信息
Atlassian Sourcetree for macOS是澳大利亚Atlassian公司一款基于macOS平台的免费的Git和Mercurial客户端工具,能够利用可视化界面管理存储库。 基于macOS平台的Atlassian Sourcetree 1.0b2版本至2.7.0版本(不包括2.7.0版本)中存在安全漏洞。攻击者可利用该漏洞执行代码。
CVSS信息
N/A
漏洞类别
命令注入