CVE-2024-45720

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-45720
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45720.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45720
Aliases
Downstream
Published
2024-10-09T13:15:11.337Z
Modified
2026-04-10T05:17:59.190031Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed.

All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue.

Subversion is not affected on UNIX-like platforms.

References

Affected packages

Git / github.com/apache/subversion

Affected ranges

Type
GIT
Repo
https://github.com/apache/subversion
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
75f1d47c2cc9807b8bf284ac7aee9ac6113093b6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.14.4"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45720.json"