2 results (0.008 seconds)

CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 1

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. • https://github.com/devhaozi/CVE-2024-46901 https://subversion.apache.org/security/CVE-2024-46901-advisory.txt • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. • https://subversion.apache.org/security/CVE-2024-45720-advisory.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •