CVE-2024-46901

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://subversion.apache.org/security/CVE-2024-46901-advisory.txt

Configurations

No configuration.

History

09 Dec 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-09 10:15

Updated : 2024-12-09 10:15

NVD link : CVE-2024-46901

Mitre link : CVE-2024-46901

CVE.ORG link : CVE-2024-46901

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

CWE-116

Improper Encoding or Escaping of Output

3.1 /10