CESA-2017:2480 -- centos 7 mod_dav_svnID: oval:org.secpod.oval:def:204624 | Date: (C)2018-04-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit. Red Hat would like to thank the Subversion Team for reporting this issue.