Atlassian SourceTree Client version 2.5c and prior contain a client URL handler command injection vulnerability that allows attackers to execute specially crafted sourcetree:// commands with arbitrary arguments on multiple platforms.
76ccd1c3da69210c907e6ae1b6d727a681548009bf247047b3899781e363f05a