Updated: 2025-08-20 02:50:54.474298
Description:
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 4.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | subversion | 1.7.14 | 4.3 | MEDIUM | Released | CLSA-2025:1754649298 | 2025-08-09 01:42:49 | |
| Ubuntu 16.04 ELS | subversion | 1.9.3-2 | 4.3 | MEDIUM | Released | CLSA-2025:1754940262 | 2025-08-12 00:35:35 | |
| Ubuntu 18.04 ELS | subversion | 1.9.7-4 | 4.3 | MEDIUM | Released | CLSA-2025:1754940449 | 2025-08-12 00:35:37 |