CVSS: 3.1EPSS: 4%CPEs: 1EXPL: 1CVE-2024-46901 – Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
https://notcve.org/view.php?id=CVE-2024-46901
09 Dec 2024 — Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. • https://github.com/devhaozi/CVE-2024-46901 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45720 – Apache Subversion: Command line argument injection on Windows platforms
https://notcve.org/view.php?id=CVE-2024-45720
09 Oct 2024 — On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes th... • https://subversion.apache.org/security/CVE-2024-45720-advisory.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •