CVE-2024-46901
Severity: 4.3 MEDIUM
EPSS: 5.8% (top 9.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Latest update: Jan 15
Description
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.
All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.
Repositories served via other access methods are not …
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.6 | Impact: 1.4
Affected Packages: 4 packages
Also affects: Debian Linux 11.0
Vulnerability Details (4)
OSV: CVE-2024-46901: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users wi… (2024-12-09)
GHSA: GHSA-53gr-8h72-9w7p: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users wi… (2024-12-09)
Vendor Advisories (7)
Oracle
Microsoft
Red Hat: Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths (2024-12-09)