CVE-2018-20235

2019-03-0818:00:00

atlassian

www.cve.org

AI Score

9.4

Confidence

High

EPSS

0.008

Percentile

81.2%

JSON

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.

CNA Affected

[
  {
    "product": "Sourcetree for Windows",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.5a",
        "versionType": "custom"
      },
      {
        "lessThan": "3.0.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]