Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-46901

Опубликовано: 09 дек. 2024
Источник: redhat
CVSS3: 3.1

Описание

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

A flaw was found in Apache Subversion when serving repositories via mod_dav_svn. This issue may allow authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository via insufficient validation of filenames against control characters.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6subversionFix deferred
Red Hat Enterprise Linux 7subversionFix deferred
Red Hat Enterprise Linux 8subversionFix deferred
Red Hat Enterprise Linux 8subversion:1.10/subversionFix deferred
Red Hat Enterprise Linux 8subversion-devel:1.10/subversionFix deferred
Red Hat Enterprise Linux 9subversionFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-116
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2331127Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-46901

CVSS3: 3.1
ubuntu
около 1 года назад

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

nvd логотип

CVE-2024-46901

CVSS3: 3.1
nvd
около 1 года назад

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

msrc логотип

CVE-2024-46901

CVSS3: 3.1
msrc
11 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-46901

CVSS3: 3.1
debian
около 1 года назад

Insufficient validation of filenames against control characters in Apa ...

suse-cvrf логотип

SUSE-SU-2025:0871-1

suse-cvrf
11 месяцев назад

Security update for subversion

3.1 Low

CVSS3