ASA-2019-00128 – Sourcetree: Input validation vulnerability via Git submodules

Sourcetree for macOS before version 3.1.1 and Sourcetree for Windows before version 3.0.17 were both vulnerable to CVE-2018-17456. A remote attacker with permission to commit to a git repository linked in Sourcetree for macOS or Windows is able to exploit this issue to gain code execution on the system.