First published: Mon Dec 09 2024(Updated: )
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Subversion | <=1.14.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-46901 is considered medium due to its potential impact on the integrity of Subversion repositories.
To fix CVE-2024-46901, upgrade Apache Subversion to a version newer than 1.14.4 that addresses the vulnerability.
All versions of Apache Subversion up to and including 1.14.4 are affected by CVE-2024-46901.
The impact of CVE-2024-46901 allows authenticated users with commit access to introduce corrupted revisions, potentially disrupting repository usage.
No, CVE-2024-46901 requires authenticated users with commit access to exploit the vulnerability.