Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-46901

Опубликовано: 09 дек. 2024
Источник: redhat
CVSS3: 3.1
EPSS Низкий

Описание

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

A flaw was found in Apache Subversion when serving repositories via mod_dav_svn. This issue may allow authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository via insufficient validation of filenames against control characters.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6subversionFix deferred
Red Hat Enterprise Linux 7subversionFix deferred
Red Hat Enterprise Linux 8subversionFix deferred
Red Hat Enterprise Linux 8subversion:1.10/subversionFix deferred
Red Hat Enterprise Linux 8subversion-devel:1.10/subversionFix deferred
Red Hat Enterprise Linux 9subversionFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-116
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2331127Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths

EPSS

Процентиль: 90%
0.05579
Низкий

3.1 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-46901

CVSS3: 3.1
ubuntu
6 месяцев назад

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

nvd логотип

CVE-2024-46901

CVSS3: 3.1
nvd
6 месяцев назад

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

msrc логотип

CVE-2024-46901

CVSS3: 3.1
msrc
3 месяца назад

Описание отсутствует

debian логотип

CVE-2024-46901

CVSS3: 3.1
debian
6 месяцев назад

Insufficient validation of filenames against control characters in Apa ...

suse-cvrf логотип

SUSE-SU-2025:0871-1

suse-cvrf
3 месяца назад

Security update for subversion

EPSS

Процентиль: 90%
0.05579
Низкий

3.1 Low

CVSS3