Apache Subversion - (bulletinjul2017)
ID: oval:org.secpod.oval:def:2101120 | Date: (C)2019-12-31 (M)2022-08-31 |
Class: PATCH | Family: unix |
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
Product: |
library/python/subversion |
library/perl-5/subversion |
library/java/subversion |
developer/versioning/subversion |