=============================================
- Discovered by: Dawid Golunski (@dawid_golunski)
- dawid[at]legalhackers.com
- https://legalhackers.com
- https://exploitbox.io

- CVE-2020-27955
- Release date: 04.11.2020
- Revision 1.0
- Severity: Critical
=============================================


VULNERABILITY
-------------------------

SourceTree Remote Code Execution (RCE) CVE-2020-27955 (git-lfs)


BACKGROUND
-------------------------

Sourcetree simplifies how you interact with your Git repositories so you can focus on coding. Visualize and manage your repositories through Sourcetree's simple Git GUI.

https://www.sourcetreeapp.com/

Video PoC
-------------------------



Advisories
-------------------------
Git RCE Expoit CVE-2020-27955 
Git-LFS RCE exploit CVE-2020-27955 



Exploits / PoC repos
-------------------------

Git / git-lfs - RCE exploit CVE-2020-27955 - GO version

GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - BAT/powershell version

GitHub - PoC repo - Git / git-lfs - RCE exploit CVE-2020-27955 - Go version






                                              

    COMING SOON █