The vulnerability of the svn:externals and svn:sync-from-url services in the centralized version control system Subversion allows a perpetrator to execute arbitrary shell commands.

The vulnerability of the svn:externals and svn:sync-from-url services in the centralized version control system Subversion exists due to insufficient checking of input data file://, http://, plain untunneled svn://. Exploiting this vulnerability allows a malicious actor to execute any shell comma...