{"id":"BIT-subversion-2024-46901","summary":"Apache Subversion: mod_dav_svn denial-of-service via control characters in paths","details":"Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected.","aliases":["CVE-2024-46901"],"modified":"2025-07-16T08:37:34.844Z","published":"2024-12-11T07:18:54.504Z","database_specific":{"cpes":["cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*"],"severity":"Medium"},"references":[{"type":"WEB","url":"https://subversion.apache.org/security/CVE-2024-46901-advisory.txt"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46901"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html"}],"affected":[{"package":{"name":"subversion","ecosystem":"Bitnami","purl":"pkg:bitnami/subversion"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.14.5"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/subversion/BIT-subversion-2024-46901.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}],"schema_version":"1.7.3"}