CVSS2: 7.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
EPSS: 0.015 Low
Percentile: 87.2%

Subversion team reports:

The script contrib/hook-scripts/check-mime-type.pl does not escape
argv arguments to "svnlook" that start with a hyphen. This could be
used to cause "svnlook", and hence check-mime-type.pl, to error out.

The script contrib/hook-scripts/svn-keyword-check.pl parses filenames
from the output of "svnlook changed" and passes them to a further
shell command (equivalent to the "system()" call of the C standard
library) without escaping them. This could be used to run arbitrary
shell commands in the context of the user whom the pre-commit script
runs as (the user who owns the repository).
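
The hardened pattern for both issues in the report, as an added example that is not code from the Subversion contrib scripts: paths are passed as separate argv elements with no shell in between, and placed after "--" so a leading hyphen is not read as an option. The helper names `build_argv` and `run_capture` are hypothetical, a perl one-liner stands in for svnlook so the block runs without a repository, and it is an assumption that the real child command honours the "--" end-of-options convention.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: build the child argv with every path after "--", so a
# name that starts with a hyphen cannot be parsed as an option. Assumes the
# child honours the conventional "--" end-of-options marker.
sub build_argv {
    my ($cmd, @paths) = @_;
    return (@$cmd, '--', @paths);
}

# Hypothetical helper: run argv with no shell in between and return the
# child's output lines. List-form open() hands each element to exec as one
# argument, so metacharacters inside a path are never interpreted. The
# pattern to avoid is the single-string form, e.g. system("tool $path"),
# which is handed to /bin/sh whenever the string contains metacharacters.
sub run_capture {
    my @argv = @_;
    open(my $fh, '-|', @argv) or die "cannot run $argv[0]: $!\n";
    chomp(my @out = <$fh>);
    close($fh) or die "$argv[0] failed, wait status $?\n";
    return @out;
}

# Constructed sample paths, shaped like names parsed from "svnlook changed".
my @changed = ('--help', 'trunk/a b; echo INJECTED.txt', "trunk/it's.txt");

# Stand-in child (not svnlook): perl echoes each argument on its own line.
# Without the "--" separator, perl would treat '--help' as one of its own
# switches, which is the same class of failure as the first issue above.
my @echo = ($^X, '-e', 'print "$_\n" for @ARGV');

my @seen = run_capture(build_argv(\@echo, @changed));

# Each path must arrive as exactly one argument, byte for byte.
die "argument count changed\n" unless @seen == @changed;
for my $i (0 .. $#changed) {
    die "argument $i was altered: '$seen[$i]'\n"
        unless $seen[$i] eq $changed[$i];
}
print "ok: ", scalar(@changed), " paths passed through literally\n";
```
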

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | subversion | = 1.7.0 | UNKNOWN |
FreeBSD | any | noarch | subversion | < 1.7.10 | UNKNOWN |