Updated: 2025-08-20 02:50:54.474298
Description:
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 4.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | subversion | 1.14.1 | 4.3 | MEDIUM | Released | CLSA-2025:1754941300 | 2025-08-12 00:35:34 | |
| CentOS 6 ELS | subversion | 1.6.11 | 4.3 | MEDIUM | Released | CLSA-2025:1755074254 | 2025-08-23 06:48:23 | |
| CentOS 8.4 ELS | subversion | 1.10.2 | 4.3 | MEDIUM | Released | CLSA-2025:1756408610 | 2025-08-28 23:01:39 | |
| CentOS 8.5 ELS | subversion | 1.10.2 | 4.3 | MEDIUM | Released | CLSA-2025:1756409018 | 2025-08-28 23:01:37 | |
| CentOS Stream 8 ELS | subversion | 1.10.2 | 4.3 | MEDIUM | Released | CLSA-2025:1756489732 | 2025-08-29 19:43:19 | |
| CloudLinux 6 ELS | subversion | 1.6.11 | 4.3 | MEDIUM | Ignored | 2025-07-25 02:06:30 | Out of support scope | |
| CloudLinux 7 ELS | subversion | 1.7.14 | 4.3 | MEDIUM | Released | CLSA-2025:1754649752 | 2025-08-19 00:18:12 | |
| Debian 10 ELS | subversion | 1.10.4 | 4.3 | MEDIUM | Ignored | 2025-10-11 00:19:21 | Ignored due to low severity | |
| Oracle Linux 6 ELS | subversion | 1.6.11 | 4.3 | MEDIUM | Released | CLSA-2025:1755004868 | 2025-08-13 02:38:58 | |
| Oracle Linux 7 ELS | subversion | 1.7.14 | 4.3 | MEDIUM | Released | CLSA-2025:1754649017 | 2025-08-09 01:42:50 |