Apple Xcode up to 8.3.3 subversion input validation


A vulnerability classified as critical has been found in Apple Xcode up to 8.3.3 (Programming Tool Software). It affects an unknown function of the Subversion component. Upgrading to version 9.0 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, which supports initiating an immediate vulnerability response and prioritizing issues.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10819958 | 01/14/2021 | VulD... | person_name | Jonathan Nieder | securityfocus.com | 01/14/2021 | accepted | 70 |
| 10819957 | 01/14/2021 | VulD... | cvss2_nvd_basescore | 7.5 | nist.gov | 01/14/2021 | accepted | 90 |
| 10819956 | 01/14/2021 | VulD... | sectracker | 1039127 | cve.mitre.org | 01/14/2021 | accepted | 70 |
| 10819955 | 01/14/2021 | VulD... | cve_nvd_summary | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | cve.mitre.org | 01/14/2021 | accepted | 70 |
| 7135481 | 11/19/2019 | VulD... | securityfocus_class | Input Validation Error | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7135480 | 11/19/2019 | VulD... | securityfocus_date | 1502323200 (08/10/2017) | securityfocus.com | 11/19/2019 | accepted | 100 |
| 7135476 | 11/19/2019 | VulD... | cve_assigned | 1498003200 | mitre.org | 11/19/2019 | accepted | 100 |
| 7135469 | 11/19/2019 | VulD... | confirm_url | https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2017-08-11-933099891.html | confluence.atlassian.com | 11/19/2019 | accepted | 100 |
| 7135427 | 11/19/2019 | VulD... | discoverydate | 1502409600 | | 11/19/2019 | accepted | 100 |
| 7135503 | 09/25/2017 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 09/25/2017 | accepted | 90 |
| 7135502 | 09/25/2017 | VulD... | cvss3_vuldb_rc | C | | 09/25/2017 | accepted | 90 |
| 7135501 | 09/25/2017 | VulD... | cvss3_vuldb_rl | O | | 09/25/2017 | accepted | 90 |
| 7135500 | 09/25/2017 | VulD... | cvss3_vuldb_e | X | | 09/25/2017 | accepted | 90 |
| 7135499 | 09/25/2017 | VulD... | cvss2_vuldb_rc | C | | 09/25/2017 | accepted | 90 |
| 7135498 | 09/25/2017 | VulD... | cvss2_vuldb_rl | OF | | 09/25/2017 | accepted | 90 |
| 7135497 | 09/25/2017 | VulD... | cvss2_vuldb_e | ND | | 09/25/2017 | accepted | 90 |
| 7135496 | 09/25/2017 | VulD... | seealso | 93874 105248 107068 107069 107070 107071 107072 107067 | | 09/25/2017 | accepted | 100 |
| 7135495 | 09/25/2017 | VulD... | qualys_title | Ubuntu Security Notification for Subversion Vulnerabilities (USN-3388-1) | qualys.com | 09/25/2017 | accepted | 100 |
| 7135494 | 09/25/2017 | VulD... | qualys_id | 196880 | qualys.com | 09/25/2017 | accepted | 100 |
| 7135493 | 09/25/2017 | VulD... | openvas_family | Debian Local Security Checks | | 09/25/2017 | accepted | 100 |
