PT-2017-2800 · Joey Hess+6 · Git-Annex+6

Published 2017-08-10 · Updated 2025-11-14 · CVE-2017-9800

CVSS v3.1 9.8 Critical
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Subversion versions prior to 1.8.19
Subversion versions 1.9.x prior to 1.9.7
Subversion versions 1.10.0.x through 1.10.0-alpha3
git-annex versions prior to 6.20170818
Description A maliciously constructed svn+ssh:// URL causes Subversion clients to run an arbitrary shell command. The host component of the URL is handed to the configured tunnel program (ssh) without checking that it is not option-shaped, so a host such as -oProxyCommand=... is parsed by ssh as an option and the command it names runs locally, under the user's privileges, before any connection is made. All clients are affected, including those whose own working copies use file://, http://, or plain (non-tunnelled) svn://, because the URL need not be typed by the user: it can be generated by a malicious server, by a malicious user committing to an honest server (for example through an svn:externals definition, to attack other users of that server's repositories), or by a proxy server. git-annex had the same class of bug: the hostname of an SSH remote was passed to ssh without validation, so an attacker who tricks the victim into adding a malicious SSH remote (for example with initremote) can execute arbitrary local code.
Recommendations For Subversion versions prior to 1.8.19, update to version 1.8.19 or later. For Subversion versions 1.9.x prior to 1.9.7, update to version 1.9.7 or later. For Subversion versions 1.10.0.x through 1.10.0-alpha3, update to a version later than 1.10.0-alpha3. For git-annex versions prior to 6.20170818, update to version 6.20170818 or later. Until the update is applied, treat svn+ssh:// URLs and SSH remotes as untrusted input: restrict their use, and do not run initremote with (or otherwise add) an SSH remote whose hostname you have not inspected. Simply not using svn+ssh:// yourself is not a complete workaround, because the malicious URL can be supplied by repository content rather than by the user. The client-side tunnel command is configurable (the [tunnels] section of the Subversion client config, or the SVN_SSH environment variable); with OpenSSH, ending that command with "--" stops the host component from being parsed as an option, which reduces exposure but does not replace the upgrade.
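The following is an added example written for this page; it is not Subversion's or git-annex's own code. It shows why an option-shaped host turns a tunnel URL into local command execution, and the two-layer hardening (reject hosts beginning with "-", and end option parsing with "--") that addresses both the Subversion and the git-annex case described above. Assumptions: the tunnel command is "ssh -q" and the remote command is "svnserve -t" (stand-ins for whatever the client's configuration supplies), the two URLs are constructed samples, and ssh_view() is a simplified model of OpenSSH's option parsing, not OpenSSH code. Nothing here executes ssh; the builders only return the argv a client would pass to exec().

```python
from urllib.parse import urlsplit

# Tunnel and remote commands; "ssh -q" is an assumption standing in for
# whatever the client's configuration supplies.
TUNNEL_CMD = ["ssh", "-q"]
REMOTE_CMD = ["svnserve", "-t"]

# Constructed sample URLs. In the first, "id" runs locally as a
# ProxyCommand before ssh connects anywhere.
MALICIOUS_URL = "svn+ssh://-oProxyCommand=id/repos/trunk"
BENIGN_URL = "svn+ssh://alice@svn.example.org:2222/repos/trunk"

# OpenSSH short options that take a separate argument; everything else is
# a flag or carries its value attached ("-oKey=Value" is one token).
SSH_OPTS_WITH_ARG = {"-B", "-b", "-c", "-D", "-E", "-e", "-F", "-I", "-i",
                     "-J", "-L", "-l", "-m", "-O", "-o", "-p", "-Q", "-R",
                     "-S", "-W", "-w"}


class UnsafeHostname(ValueError):
    """The URL's host component would be parsed by ssh as an option."""


def parse_tunnel_url(url):
    """Return (user, host, port, path). RFC 3986 does not forbid a host
    beginning with "-", so a syntax-only parser hands "-oProxyCommand=id"
    back as a valid host; that is the gap the vulnerable clients had."""
    parts = urlsplit(url)
    if parts.scheme != "svn+ssh":
        raise ValueError("not an svn+ssh:// URL: %r" % url)
    authority, user, port = parts.netloc, None, None
    if "@" in authority:
        user, authority = authority.rsplit("@", 1)
    if ":" in authority:
        authority, port_s = authority.rsplit(":", 1)
        port = int(port_s)
    if not authority:
        raise ValueError("empty host in %r" % url)
    return user, authority, port, parts.path


def _base_argv(user, port):
    argv = list(TUNNEL_CMD)
    if user:
        argv += ["-l", user]
    if port:
        argv += ["-p", str(port)]
    return argv


def vulnerable_argv(url):
    """Pre-fix behaviour: the host goes straight after the options. ssh
    stops option parsing at the first token not starting with "-", so an
    option-shaped host is consumed as an option and "svnserve" becomes
    the host."""
    user, host, port, _ = parse_tunnel_url(url)
    return _base_argv(user, port) + [host] + REMOTE_CMD


def hardened_argv(url):
    """Post-fix behaviour, two independent layers: (1) reject any host
    beginning with "-" so it never reaches the tunnel program, the check
    the fixed releases added; (2) put "--" before the host so even a host
    that slipped past (1) ends option parsing. (2) alone is not enough:
    a configured tunnel program other than OpenSSH may ignore "--"."""
    user, host, port, _ = parse_tunnel_url(url)
    if host.startswith("-"):
        raise UnsafeHostname("refusing host %r: begins with '-'" % host)
    return _base_argv(user, port) + ["--", host] + REMOTE_CMD


def accepts(url):
    """True when the hardened builder is willing to tunnel to this URL."""
    try:
        hardened_argv(url)
        return True
    except UnsafeHostname:
        return False


def ssh_view(argv):
    """Simplified model of OpenSSH's getopt loop: returns (options, host,
    remote_command) as ssh would understand argv. Option parsing ends at
    "--" or at the first token that does not begin with "-"."""
    options, i = [], 1
    while i < len(argv):
        tok = argv[i]
        if tok == "--":
            i += 1
            break
        if not tok.startswith("-"):
            break
        if tok in SSH_OPTS_WITH_ARG:          # "-l alice" -> "-lalice"
            options.append(tok + argv[i + 1])
            i += 2
        else:                                  # "-q" or "-oKey=Value"
            options.append(tok)
            i += 1
    if i >= len(argv):
        raise ValueError("no host in argv")
    return options, argv[i], argv[i + 1:]


if __name__ == "__main__":
    print("vulnerable:", ssh_view(vulnerable_argv(MALICIOUS_URL)))
    print("hardened:  ", ssh_view(hardened_argv(BENIGN_URL)))
    print("accepts malicious URL?", accepts(MALICIOUS_URL))
```

Run stand-alone, the vulnerable builder shows ssh consuming "-oProxyCommand=id" as an option and taking "svnserve" for the host, which is the whole attack; the hardened builder refuses the same URL outright. Layer (1) is the check a client such as git-annex applies to an SSH remote's hostname before ever invoking ssh; layer (2) is what ending a configured tunnel command with "--" buys you while waiting to upgrade, and only when the tunnel program is OpenSSH.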

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1641
ALT-PU-2020-2914
BDU:2017-02070
CESA-2017_2480
CVE-2017-9800
DLA-1052-1
DLA-1495-1
DSA-3932-1
HSEC-2023-0009
MGASA-2017-0273
OPENSUSE-SU-2017_2183-1
OPENSUSE-SU-2024:11412-1
RHSA-2017:2480
RHSA-2017_2480
SUSE-SU-2017:2163-1
SUSE-SU-2017:2200-1
USN-3388-1
USN-3388-2

Affected Products

Alt Linux
Centos
Red Hat
Subversion
Suse
Ubuntu
Git-Annex