Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Subversion: Command line argument injection on Windows platforms
Vulnerability Description
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Apache Subversion 操作系统命令注入漏洞
Vulnerability Description
Apache Subversion是美国阿帕奇(Apache)基金会的一套开源的版本控制系统。该系统可兼容并发版本系统(CVS)。 Apache Subversion 1.14.4 版本之前存在操作系统命令注入漏洞,该漏洞源于在 Windows 平台上,如果处理特制的命令行参数字符串,则命令行参数到 Subversion 可执行文件(例如 svn.exe 等)的best fit字符编码转换可能会导致意外的命令行参数解释,包括参数注入和其他程序的执行。
CVSS Information
N/A
Vulnerability Type
N/A