[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-883 ---- subversion mod_dav_svn mod24_dav_svn

ID: oval:org.secpod.oval:def:1600761Date: (C)2017-09-21   (M)2023-12-20
Class: PATCHFamily: unix




Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit

Platform:
Amazon Linux AMI
Product:
subversion
mod_dav_svn
mod24_dav_svn
Reference:
ALAS-2017-883
CVE-2017-9800
CVE    1
CVE-2017-9800
CPE    16
cpe:/o:amazon:linux
cpe:/a:apache:subversion:1.9.0
cpe:/a:apache:mod_dav_svn
cpe:/a:apache:subversion:1.10.0:alpha1
...

© SecPod Technologies