ALAS-2017-883 ---- subversion mod_dav_svn mod24_dav_svnID: oval:org.secpod.oval:def:1600761 | Date: (C)2017-09-21 (M)2023-12-20 |
Class: PATCH | Family: unix |
Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit
Platform: |
Amazon Linux AMI |
Product: |
subversion |
mod_dav_svn |
mod24_dav_svn |