漏洞标题
N/A
漏洞描述信息
Sourcetree for Windows通过Mercurial归档库标签名称存在的参数注入漏洞将被删除。具有在Sourcetree for Windows中链接的Mercurial归档库上创建标签权限的恶意攻击者能够通过利用此漏洞在系统中执行代码。所有2.5.5.0以前的Windows版本都受到此漏洞的影响。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Atlassian Sourcetree for Windows 安全漏洞
漏洞描述信息
Atlassian Sourcetree for Windows是澳大利亚Atlassian公司一款基于Windows平台的免费的Git和Mercurial客户端工具,它能够利用可视化界面管理存储库。 基于Windows平台的Atlassian Sourcetree 2.5.5.0之前版本中存在安全漏洞。攻击者可借助Mercurial库标签名称利用该漏洞在系统上执行代码。
CVSS信息
N/A
漏洞类别
授权问题