CVE-2007-3846

Name of the Vulnerable Software and Affected Versions: Subversion versions prior to 1.4.5 TortoiseSVN versions prior to 1.4.5

Description: The issue allows remote authenticated users to overwrite and create arbitrary files via a .. (dot dot backslash) sequence in the filename, as stored in the file repository, when run on Windows-based systems.

Recommendations: For Subversion versions prior to 1.4.5, update to version 1.4.5 or later. For TortoiseSVN versions prior to 1.4.5, update to version 1.4.5 or later.