cbcvebase.
CVE-2017-9800
published 2017-08-11

CVE-2017-9800: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

Affected

47 ranges· showing 25
VendorProductVersion rangeFixed in
apachesubversion<= 1.8.18
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion
apachesubversion>= 0 < 1.9.7-11.9.7-1
apachesubversion>= 0 < 1.9.7-11.9.7-1
apachesubversion>= 0 < 1.9.7-11.9.7-1
apachesubversion>= 0 < 1.9.7-11.9.7-1
apachesubversion>= 0 < 1.8.8-1ubuntu3.31.8.8-1ubuntu3.3
apachesubversion>= 0 < 1.9.3-2ubuntu1.11.9.3-2ubuntu1.1
apache_software_foundationapache_subversion
apache_software_foundationapache_subversion
applexcode_9
canonicalbazaar<= 2.7.0
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianbreezy< breezy 3.0.0~bzr6772-1 (bookworm)breezy 3.0.0~bzr6772-1 (bookworm)
debianbzr< breezy 3.0.0~bzr6772-1 (bookworm)breezy 3.0.0~bzr6772-1 (bookworm)

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL