Sourcetree suffers from multiple remote code execution vulnerabilities related to git submodules and argument injection. macOS versions 1.0b2 up to 2.7.6 and Windows versions 0.5.1.0 up to 2.6.10 are affected.
cde4d25e68a273c6d5c20d3578cda77f6c048e35cf3936b680f4f3eaecbffdd7Red Hat Security Advisory 2018-2147-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
b457b588feadfc4250ff7e8b20756c19a71edbae2dea14ab3884c61bf5753eecRed Hat Security Advisory 2018-1957-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a code execution vulnerability.
c0ccd2c712ca6f64979bef634b0b2d12e09be3bcba785dab1cd5951dc3890edbApple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.
a6a84db972550427bdbffef1187ca381b22ab72d451b794ffdc1428708a5aa70Ubuntu Security Notice 3671-1 - Etienne Stalmans discovered that git did not properly validate git submodules files. A remote attacker could possibly use this to craft a git repo that causes arbitrary code execution when "git clone --recurse-submodules" is used. It was discovered that an integer overflow existed in git's pathname sanity checking code when used on NTFS filesystems. An attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.
454d7b545969f1658c8bdd086372809ae83e2b85fe911c0f38cf869af224baa4Slackware Security Advisory - New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
1209868e8f4ea877b74baef0c51aea014b58302262e575a6785c58ea8d8a1f9cGit versions prior to 2.17.1 suffer from a code execution vulnerability.
8e196e2010e639c348e63cab733cd487161fca0cb304007e7c28a22785a24d3eGentoo Linux Security Advisory 201805-13 - Git contains multiple vulnerabilities that allow for the remote execution of arbitrary code. Versions less than 2.16.4 are affected.
1fe4e7c064676ebafd9d90f44aa720dcd43b65e358b63d2c03603333ee051dc1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed