Subversion Security Vulnerabilities and Issues — Subversion CVE List

Lucene search

ApacheSubversion

3 matches found

CVE•added 2017/08/11 9:29 p.m.•308 views

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another ...

9.8CVSS9.1AI score0.3131EPSS

CVE•added 2017/10/16 1:29 p.m.•84 views

CVE-2016-8734

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

6.5CVSS6.7AI score0.02805EPSS

CVE•added 2017/10/30 2:29 p.m.•43 views

CVE-2013-4246

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.

8.8CVSS8.2AI score0.00327EPSS