CVE-2017-9800

Source
https://cve.org/CVERecord?id=CVE-2017-9800
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9800.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-9800
Downstream
Related
Published
2017-08-11T21:29:00.587Z
Modified
2026-05-14T04:03:04.412984911Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

References

Affected packages

Git / github.com/apache/subversion

Affected ranges

Type
GIT
Repo
https://github.com/apache/subversion
Events
Database specific
{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.9.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.10.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.10.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.10.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:subversion:1.10.0:alpha3:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.18"
        },
        {
            "last_affected": "1.9.0"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "last_affected": "1.9.3"
        },
        {
            "last_affected": "1.9.4"
        },
        {
            "last_affected": "1.9.5"
        },
        {
            "last_affected": "1.9.6"
        },
        {
            "last_affected": "1.10.0"
        },
        {
            "last_affected": "1.10.0-alpha1"
        },
        {
            "last_affected": "1.10.0-alpha2"
        },
        {
            "last_affected": "1.10.0-alpha3"
        }
    ]
}

Affected versions

1.*
1.10.0
1.10.0-alpha1
1.10.0-alpha2
1.10.0-alpha3
1.8.18
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9800.json"