SourceTree: Shellshock and embedded Git

Hi there, I'm running SourceTree v1.6.8.0 on Windows. I am using embedded Git v1.8.3 which appears to be dated 20130601. The security folks at work are concerned that the version of bash included in this software might be vulnerable to shellshock ... anyone know how I should respond to them? THanks!

2 answers

Disclaimer: I'm not a security expert.

I would assume the bash version does have the vulnerability, until @Steve Streeting or someone at Atlassian can say differently.

However, unless you provide remote access to this bash installation, I'm not sure how it would be taken advantage of. If a malicious third party gains enough access to your computer to execute commands with SourceTree's bash, you're already screwed.


@Steve Streeting any thoughts on this?

Our IT department had similar concerns about the PuTTY version that comes with SourceTree.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Brian Ganninger
Published Jan 23, 2018 in Sourcetree

Tip from the team: workflow and keyboard shortcuts

Supported Platforms macOS Sourcetree has a lot to offer and, like many developer tools, finding and using it all can be a challenge, especially for a new user. Everyone might not love ...

797 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you