Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2017-9800

Public on 2017-08-11
Modified on 2017-08-31
Description

A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit.

Severity
Important
See what this means
CVSS v3 Base Score
6.3
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 mod_dav_svn 2017-08-31 16:11 ALAS-2017-883
Amazon Linux 1 subversion 2017-08-31 16:11 ALAS-2017-883

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
NVD CVSSv2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD CVSSv3 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H