PT-2024-32272 · Apache+7 · Apache Subversion+7

Haozi · Published 2024-09-13 · Updated 2025-10-16 · CVE-2024-46901

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Apache Subversion versions prior to 1.14.5
Description: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.
Recommendations: For versions prior to 1.14.5, upgrade to version 1.14.5, which fixes this issue. As a temporary workaround, consider restricting access to the mod_dav_svn module until a patch is available. Avoid using mod_dav_svn to serve repositories until the issue is resolved.

Fix · DoS · RCE

Weakness Enumeration: Improper Encoding or Escaping of Output

Related Identifiers

ALT-PU-2024-17031
ALT-PU-2024-17033
ALT-PU-2024-17143
ALT-PU-2024-17145
AZL-54056
AZL-54063
BDU:2025-03298
BIT-SUBVERSION-2024-46901
CVE-2024-46901
DLA-4127-1
MGASA-2025-0058
OESA-2024-2538
OPENSUSE-SU-2024:14570-1
OPENSUSE-SU-2024_4366-1
SUSE-SU-2024:4366-1
SUSE-SU-2024_4366-1
SUSE-SU-2025:0871-1
SUSE-SU-2025_0871-1
USN-7818-1
USN-7818-2

Affected Products

Alt Linux
Apache Subversion
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu