Subversion Apache Subversion

Do you want an email whenever new security vulnerabilities are reported in Apache Subversion?

By the Year

In 2021 there have been 1 vulnerability in Apache Subversion with an average score of 7.5 out of ten. Subversion did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 1 7.50
2020 0 0.00
2019 3 7.17
2018 0 0.00

It may take a day or so for new Subversion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Subversion Security Vulnerabilities

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL

CVE-2020-17525 7.5 - High - March 17, 2021

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7

NULL Pointer Dereference

In Apache Subversion versions up to and including 1.9.10

CVE-2019-0203 7.5 - High - September 26, 2019

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

Improper Input Validation

In Apache Subversion versions up to and including 1.9.10

CVE-2018-11782 6.5 - Medium - September 26, 2019

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

Improper Input Validation

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

CVE-2018-11803 7.5 - High - February 05, 2019

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

Access of Uninitialized Pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Apache? Click the Watch button to subscribe.

Apache
Vendor

subscribe