CVE-2013-2088

2013-07-3113:20:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-2088

nvd

subversion

vulnerability

remote code execution

security

6.9 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

87.1%

JSON

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CPENameOperatorVersion
apache:subversionapache subversioneq1.6.10
apache:subversionapache subversioneq1.6.19
apache:subversionapache subversioneq1.6.20
apache:subversionapache subversioneq1.6.2
apache:subversionapache subversioneq1.6.18
apache:subversionapache subversioneq1.6.16
apache:subversionapache subversioneq1.6.5
apache:subversionapache subversioneq1.6.3
apache:subversionapache subversioneq1.6.8
apache:subversionapache subversioneq1.6.13

CPE	Name	Operator	Version
apache:subversion	apache subversion	eq	1.6.10
apache:subversion	apache subversion	eq	1.6.19
apache:subversion	apache subversion	eq	1.6.20
apache:subversion	apache subversion	eq	1.6.2
apache:subversion	apache subversion	eq	1.6.18
apache:subversion	apache subversion	eq	1.6.16
apache:subversion	apache subversion	eq	1.6.5
apache:subversion	apache subversion	eq	1.6.3
apache:subversion	apache subversion	eq	1.6.8
apache:subversion	apache subversion	eq	1.6.13