|
|
Log in / Subscribe / Register

Arch Linux alert ASA-202105-16 (websvn)



From:
              Jonas Witschel via arch-security <arch-security@lists.archlinux.org>


To:
              arch-security@lists.archlinux.org


Subject:
              [ASA-202105-16] websvn: arbitrary command execution


Date:
              Wed, 26 May 2021 12:31:12 +0200


Message-ID:
              <20210526103112.ndckslhhfalyk344@archlinux.org>


Cc:
              Jonas Witschel <diabonas@archlinux.org>


Arch Linux Security Advisory ASA-202105-16
==========================================

Severity: High
Date    : 2021-05-25
CVE-ID  : CVE-2021-32305
Package : websvn
Type    : arbitrary command execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1969

Summary
=======

The package websvn before version 2.6.1-1 is vulnerable to arbitrary
command execution.

Resolution
==========

Upgrade to 2.6.1-1.

# pacman -Syu "websvn>=2.6.1-1"

The problem has been fixed upstream in version 2.6.1.

Workaround
==========

None.

Description
===========

WebSVN before 2.6.1 allows remote attackers to execute arbitrary
commands via shell metacharacters in the search parameter.

Impact
======

A remote attacker can execute arbitrary shell commands on the server
using a crafted search query.

References
==========

https://github.com/websvnphp/websvn/pull/142
https://github.com/websvnphp/websvn/commit/88fce56b7b9dbf...
https://security.archlinux.org/CVE-2021-32305
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds