OVAL

[3.6] subversion: Arbitrary code execution on clients through malicious svn+ssh URLs (CVE-2017-9800)

ID: oval:org.secpod.oval:def:1800244
Date: (C)2018-03-30   (M)2023-11-10
Class: PATCH
Family: unix




A Subversion client sometimes connects to URLs provided by the repository. This happens in two primary cases: during "checkout", "export", "update", and "switch", when the tree being downloaded contains svn:externals properties; and when using "svnsync sync" with one URL argument. A maliciously constructed svn+ssh:// URL would cause Subversion clients to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server, or by a proxy server. The vulnerability affects all clients, including those that use file://, and plain svn://.

Fixed In Version: subversion 1.8.18, subversion 1.9.7

Platform:
Alpine Linux 3.6
Product:
subversion
Reference:
7668
CVE-2017-9800
CVE    1
CVE-2017-9800
CPE    14
cpe:/a:apache:subversion:1.9.0
cpe:/a:apache:subversion:1.10.0:alpha1
cpe:/a:apache:subversion:1.9.1
cpe:/a:apache:subversion:1.10.0:alpha2
...

© SecPod Technologies