{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T04:59:51.459","vulnerabilities":[{"cve":{"id":"CVE-2018-13386","sourceIdentifier":"security@atlassian.com","published":"2018-07-24T13:29:00.557","lastModified":"2024-11-21T03:47:00.193","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability."},{"lang":"es","value":"Hay una vulnerabilidad de inyección de argumentos en Sourcetree para Windows mediante nombres de archivo en repositorios Mercurial. Un atacante con permisos para realizar commits en un repositorio vinculado a Sourcetree para Windows puede explotar este problema para ejecutar código en el sistema. Todas las versiones de Sourcetree para Windows anteriores a la 2.6.9 se han visto afectadas por esta vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*","versionEndExcluding":"2.6.9","matchCriteriaId":"E069C397-9A9F-4519-8CFB-F1CA16B6E972"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/SRCTREEWIN-8884","source":"security@atlassian.com","tags":["Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/SRCTREEWIN-8884","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}