{"id":"CVE-2024-46901","details":"Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository.\n\nAll versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue.\n\nRepositories served via other access methods are not affected.","aliases":["BIT-subversion-2024-46901"],"modified":"2026-03-09T23:56:11.671465Z","published":"2024-12-09T10:15:05.230Z","related":["MGASA-2025-0058","SUSE-SU-2024:4366-1","SUSE-SU-2025:0871-1","openSUSE-SU-2024:14570-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00023.html"},{"type":"EVIDENCE","url":"https://subversion.apache.org/security/CVE-2024-46901-advisory.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/subversion","events":[{"introduced":"0"},{"fixed":"c828a37af875249916a452481cae96df83dc67ea"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.14.5"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46901.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}