CVE-2024-46901

CVE-2024-46901

Name

CVE-2024-46901

Description

Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html

Type

URI

vendor-advisory

https://subversion.apache.org/security/CVE-2024-46901-advisory.txt

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html

CPE URI	Source package	Min version	Max version
	apache-subversion	>= 0	<= 1.14.4
`cpe:2.3:a:apache:subversion::::::::`	subversion	>= None	< 1.14.5

CPE URI

Source package

Min version

Max version

apache-subversion

>= 0

<= 1.14.4

cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*

subversion

>= None

< 1.14.5

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
subversion	edge-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	edge-main	1.14.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	edge-main	1.14.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	edge-main	1.14.1-r0	None	possibly vulnerable
subversion	edge-main	1.12.2-r0	None	possibly vulnerable
subversion	edge-main	1.11.1-r0	None	possibly vulnerable
subversion	edge-main	1.9.7-r0	None	possibly vulnerable
subversion	3.22-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.22-main	1.14.4-r0	None	possibly vulnerable
subversion	3.22-main	1.14.2-r0	None	possibly vulnerable
subversion	3.22-main	1.14.1-r0	None	possibly vulnerable
subversion	3.22-main	1.12.2-r0	None	possibly vulnerable
subversion	3.22-main	1.11.1-r0	None	possibly vulnerable
subversion	3.22-main	1.9.7-r0	None	possibly vulnerable
subversion	3.21-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.21-main	1.14.4-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	3.21-main	1.14.2-r0	None	possibly vulnerable
subversion	3.21-main	1.14.1-r0	None	possibly vulnerable
subversion	3.21-main	1.12.2-r0	None	possibly vulnerable
subversion	3.21-main	1.11.1-r0	None	possibly vulnerable
subversion	3.21-main	1.9.7-r0	None	possibly vulnerable
subversion	3.20-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.20-main	1.14.3-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	3.20-main	1.14.2-r0	None	possibly vulnerable
subversion	3.20-main	1.14.1-r0	None	possibly vulnerable
subversion	3.20-main	1.12.2-r0	None	possibly vulnerable
subversion	3.20-main	1.11.1-r0	None	possibly vulnerable
subversion	3.20-main	1.9.7-r0	None	possibly vulnerable
subversion	3.19-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
subversion	3.19-main	1.14.2-r12	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
subversion	3.19-main	1.14.2-r0	None	possibly vulnerable
subversion	3.19-main	1.14.1-r0	None	possibly vulnerable
subversion	3.19-main	1.12.2-r0	None	possibly vulnerable
subversion	3.19-main	1.11.1-r0	None	possibly vulnerable
subversion	3.19-main	1.9.7-r0	None	possibly vulnerable
subversion	3.18-main	1.14.5-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages