CVE-2024-46901

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.

3.1 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://subversion.apache.org/security/CVE-2024-46901-advisory.txt Exploit Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-12-09 10:15

Updated : 2025-07-15 16:35

NVD link : CVE-2024-46901

Mitre link : CVE-2024-46901

CVE.ORG link : CVE-2024-46901

JSON object : View

Products Affected

debian

  • debian_linux

apache

  • subversion
CWE
CWE-20

Improper Input Validation

CWE-116

Improper Encoding or Escaping of Output