A maliciously constructed svn+ssh:// URL would cause Subversion clients prior to 1.8.19, 1.9.x prior to 1.9.7, and 1.10.0.x up to and including 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, , and plain (untunneled) svn://.
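One practical mitigation on the consuming side (for example when auditing svn:externals definitions or repository URLs in CI configuration before a client ever touches them) is a pre-flight validator that refuses any svn+ssh:// URL whose host or user part is shaped like a command-line option for the tunnel process. The following is an added example written for this page, not Subversion's own code; the function name and the strict hostname rule are my own assumptions.

```python
"""Pre-flight validator for svn+ssh:// URLs (added example, not Subversion code).

Subversion runs svn+ssh:// through an external tunnel program (normally ssh),
so the host and user parts of the URL end up on that program's command line.
This check rejects URLs whose host or user part could be read as an option
rather than as a name, before the URL reaches a client."""
import re
from typing import Tuple
from urllib.parse import urlsplit

# Strict RFC 1123 hostname (labels of letters, digits, inner hyphens).
# Assumption: IPv6 literals are not used here and are therefore rejected.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
# Conservative SSH user name: must start with a letter, digit or underscore.
_USER_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$")


def check_svn_ssh_url(url: str) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True only for a well-formed, safe-looking URL."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. unbalanced IPv6 brackets in the netloc
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() != "svn+ssh":
        return False, f"scheme {parts.scheme!r} is not svn+ssh"
    host = parts.hostname or ""
    user = parts.username or ""
    if not host:
        return False, "empty host"
    # Core defence: nothing handed to the tunnel command may look like an option.
    if host.startswith("-") or user.startswith("-"):
        return False, "host or user begins with '-' (would be read as an option)"
    if not _HOST_RE.match(host):
        return False, f"host {host!r} is not a valid hostname"
    if user and not _USER_RE.match(user):
        return False, f"user {user!r} contains unexpected characters"
    if parts.password is not None:
        return False, "credentials embedded in URL"
    if not parts.path.startswith("/"):
        return False, "missing repository path"
    return True, "ok"
```

Run it over every URL found in svn:externals properties and build configuration; anything that fails should be reviewed by a human rather than passed to a Subversion client.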
Vulnerable products:

- apache subversion 1.10.0
- apache subversion 1.9.4
- apache subversion 1.9.6
- apache subversion 1.9.3
- apache subversion 1.9.1
- apache subversion 1.9.5
- apache subversion 1.9.0
- apache subversion
- apache subversion 1.9.2
Git, Mercurial, SVN patched; CVS hasn't got around to it yet
Users of the world's most popular software version control systems can be attacked when cloning a repository over SSH. When first announced by Recurity Labs' Joern Schneeweisz, the vulnerability was attributed to Git, Mercurial and Subversion; and over the weekend, Hank Leininger of Korelogic told the OSS-Sec list the issue also affects the ancient CVS (Concurrent Versions System). Schneeweisz writes that he first spotted the issue in Git LFS (Large File Storage) in May, and worked out that an a...