CVE-2024-21697: 
Homebrew vulnerability analysis and mitigation

CVE-2024-21697 is a high-severity Remote Code Execution (RCE) vulnerability affecting Atlassian's Sourcetree software, discovered through their Penetration Testing program. The vulnerability was introduced in Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19, with a CVSS score of 8.8. This security flaw allows an unauthenticated attacker to execute arbitrary code on affected systems, though it requires user interaction (Atlassian Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely (Network), requires low attack complexity, needs no privileges, but does require user interaction. The impact is rated high for all three security objectives: confidentiality, integrity, and availability (JIRA Issue).

The successful exploitation of this vulnerability could result in complete compromise of the affected system, with high impact on confidentiality, integrity, and availability. An attacker could potentially execute arbitrary code, install malware, steal sensitive data, or disrupt system operations (Security Online).

Atlassian recommends that all affected users upgrade to the latest version of Sourcetree. For specific versions, users should upgrade to: Sourcetree for Mac 4.2.9 or later (if running 4.2.x), and Sourcetree for Windows 3.4.20 or later (if running 3.4.x). The fixed versions can be downloaded from the Sourcetree download center (ASEC, Atlassian Advisory).