Atlassian SourceTree is prone to a remote command-injection vulnerability.
Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
Atlassian SourceTree 2.5c and prior versions are vulnerable.
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- [oss-security] Sourcetree arbitrary command execution (Seclists.org)
- Atlassian Homepage (Atlassian)
- SourceTree Homepage (Atlassian)