2331127 – (CVE-2024-46901) CVE-2024-46901 Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths

Bug 2331127 (CVE-2024-46901) - CVE-2024-46901 Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths

Summary: CVE-2024-46901 Subversion: Apache Subversion: mod_dav_svn denial-of-service v...

Keywords:
Status:	NEW
Alias:	CVE-2024-46901
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2338245
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-09 10:01 UTC by OSIDB Bzimport
Modified:	2025-06-12 02:00 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-12-09 10:01:01 UTC

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.

All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.

Repositories served via other access methods are not affected.

Note You need to log in before you can comment on or make changes to this bug.