A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-08-11T21:00:00Z

Updated: 2024-09-16T23:36:59.228Z

Reserved: 2017-06-21T00:00:00

Link: CVE-2017-9800

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-11T21:29:00.587

Modified: 2024-11-21T03:36:52.940

Link: CVE-2017-9800

cve-icon Redhat

Severity : Important

Publid Date: 2017-08-10T00:00:00Z

Links: CVE-2017-9800 - Bugzilla