CVE-2019-11582

2019-06-1413:54:38

atlassian

www.cve.org

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

69.4%

JSON

An argument injection vulnerability in Atlassian Sourcetree for Windows’s URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI.

CNA Affected

[
  {
    "product": "Sourcetree for Windows",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0.5a",
        "versionType": "custom"
      },
      {
        "lessThan": "3.1.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/SRCTREEWIN-11917