Invalid Filename Validation Vulnerability in Apache Subversion Repositories

CVE-2024-46901

3.1LOW

Key Information

Vendor: Apache
Status: Apache Subversion
Vendor: CVE Published:; 9 December 2024

Summary

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.

All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.

Repositories served via other access methods are not affected.

Affected Version(s)

Apache Subversion <= 1.14.4

References

https://subversion.apache.org/security/CVE-2024-46901-adv...

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Sep 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

HaoZi, WordPress China