CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-46901 – Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
https://notcve.org/view.php?id=CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. • https://github.com/devhaozi/CVE-2024-46901 https://subversion.apache.org/security/CVE-2024-46901-advisory.txt • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45720 – Apache Subversion: Command line argument injection on Windows platforms
https://notcve.org/view.php?id=CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. • https://subversion.apache.org/security/CVE-2024-45720-advisory.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •