Apache Subversion Hook Scripts Arbitrary Command Injection Vulnerability
Apache Subversion 1.x
A vulnerability has been reported in Apache Subversion.
The vulnerability is caused due to an input validation error in the svn-keyword-check.pl hook script while processing filenames and can be exploited to inject and execute arbitrary shell commands via a specially crafted request.
Successful exploitation requires that contrib scripts are used on the server.
The vulnerability is reported in versions 1.6.22 and prior and versions 1.7.10 and prior.
The vulnerability can be exploited by malicious users to compromise a vulnerable system.
Users to apply the patch.