What is the severity of CVE-2017-14593?

CVE-2017-14593 is considered a high severity vulnerability due to the potential for code execution on affected systems.

How do I fix CVE-2017-14593?

To mitigate CVE-2017-14593, update Sourcetree for Windows to a version later than 2.4.7.0.

Who is affected by CVE-2017-14593?

Users of Sourcetree for Windows versions from 0.5.1.0 to 2.4.7.0 are affected by CVE-2017-14593.

What types of attacks are possible with CVE-2017-14593?

CVE-2017-14593 allows an attacker with commit permissions to exploit repository handling vulnerabilities to execute arbitrary code.

Is CVE-2017-14593 specific to any version of Sourcetree?

Yes, CVE-2017-14593 specifically affects versions of Sourcetree for Windows from 0.5.1.0 to 2.4.7.0.

Vulnerability/
CVE-2017-14593

critical

CWE

77 78

26/1/2018

17/9/2024

CVE-2017-14593: Command Injection

First published: Fri Jan 26 2018(Updated: )

Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability

Credit: security@atlassian.com

Affected Software	Affected Version	How to fix
SourceTree	>=0.5.1.0<2.4.7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-14593?
CVE-2017-14593 is considered a high severity vulnerability due to the potential for code execution on affected systems.
How do I fix CVE-2017-14593?
To mitigate CVE-2017-14593, update Sourcetree for Windows to a version later than 2.4.7.0.
Who is affected by CVE-2017-14593?
Users of Sourcetree for Windows versions from 0.5.1.0 to 2.4.7.0 are affected by CVE-2017-14593.
What types of attacks are possible with CVE-2017-14593?
CVE-2017-14593 allows an attacker with commit permissions to exploit repository handling vulnerabilities to execute arbitrary code.
Is CVE-2017-14593 specific to any version of Sourcetree?
Yes, CVE-2017-14593 specifically affects versions of Sourcetree for Windows from 0.5.1.0 to 2.4.7.0.

agent/type
agent/softwarecombine
agent/severity
agent/references
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/atlassian
canonical/sourcetree
version/sourcetree/0.5.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.