Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Regarding the command injection issue.

Dual Wielder
Dual Wielder Jun 08, 2017

Greating,



I am new to sourcetree, I was checking it before installing it and I read about the command injection issue. I've also checked the question in this link: 


https://community.atlassian.com/t5/SourceTree-questions/More-info-on-the-Command-Injection-issue/qaq-p/585845





I would like to know if this: SourceTreeSetup-2.0.20.1

is the latest and has the issue solved?

Answer
Watch
Like Be the first to like this

2 answers

0 votes
Ana Retamal
Ana Retamal Atlassian Team Jun 09, 2017

Hi! Yes, SourceTree 2.0.20.1 is the latest one for Windows and it's not affected by the injection issue, it was fixed :)

Let us know if you need anything else!

Cheers,

Ana

Reply
0 votes
Dual Wielder
Dual Wielder Jun 09, 2017

Thanks for your reply, I am really glad to hear.



I have one last question though:

according to: https://www.cvedetails.com/vulnerability-list.php?vendor_id=3578



the version effected was 2.5c and prior, the one in SourceTree offical site is 2.0.20.1. This is confusing since 2.0 is prior to 2.5?





Thanks in advance,

View More Comments
Ana Retamal
Ana Retamal Atlassian Team Jun 09, 2017

Hi! For official information regarding the vulnerability, my recommendation is that you check our official source. You can find it at SourceTree Security Advisory.

Note that the site you linked is not even differentiating between Mac and Windows versions. Whilst this is not mentioned in that website, they're probably referring to the Mac version of SourceTree (which is currently 2.5.2).

Hope this clears your concerns :)

Ana

Like
Dual Wielder
Dual Wielder Jun 10, 2017

Yes, Thank you very much! =)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Sourcetree
Sourcetree
TAGS
Community showcase
Andy Heinzer
Andy Heinzer
Published in Sourcetree

Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability has been published today in regards to Sourcetree for Windows.  The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a st...

4,927 views 0 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you