Atlassian SourceTree CVE-2017-8768 Command Injection Vulnerability

Atlassian SourceTree is prone to a remote command-injection vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

Atlassian SourceTree 2.5c and prior versions are vulnerable.


Bugtraq ID: 98329
Class: Unknown
CVE: CVE-2017-8768

Remote: Yes
Local: No
Published: May 04 2017 12:00AM
Updated: May 11 2017 12:07AM
Credit: redrain
Vulnerable: Atlassian SourceTree 2.5C

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts