CVE-2018-20234

HIGH Year: 2018
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-88
View all →

Vulnerability Description

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.

Related Vulnerabilities

CVE-2019-11582

HIGH
CVSS:8.8(High)

An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a craft...

CWE-882019

CVE-2019-11751

HIGH
CVSS:8.8(High)

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to...

CWE-882019

CVE-2019-13475

HIGH
CVSS:8.8(High)

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on ...

CWE-882019

CVE-2019-15498

HIGH
CVSS:8.8(High)

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/c...

CWE-882019

CVE-2019-3931

HIGH
CVSS:8.8(High)

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attac...

CWE-882019

CVE-2020-13699

HIGH
CVSS:8.8(High)

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: ...

CWE-882020