CVE-2007-3846

N/A Unknown

Published: August 28, 2007 Modified: April 23, 2026

Description

Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://crisp.cs.du.edu/?q=node/36

Source: secalert@redhat.com

http://osvdb.org/40118

Source: secalert@redhat.com

http://osvdb.org/40119

Source: secalert@redhat.com

http://secunia.com/advisories/26625

Source: secalert@redhat.com

Patch Vendor Advisory

http://secunia.com/advisories/26632

Source: secalert@redhat.com

Patch Vendor Advisory

http://securitytracker.com/id?1018617

Source: secalert@redhat.com

http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941

Source: secalert@redhat.com

Patch

http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

Source: secalert@redhat.com

http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

Source: secalert@redhat.com

http://tortoisesvn.net/node/291

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/25468

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3003

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2007/3004

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/36312

Source: secalert@redhat.com

http://crisp.cs.du.edu/?q=node/36

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/40118

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/40119

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26625

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/26632

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://securitytracker.com/id?1018617

Source: af854a3a-2127-422b-91ae-364da2661108

http://subversion.tigris.org/servlets/NewsItemView?newsItemID=1941

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

Source: af854a3a-2127-422b-91ae-364da2661108

http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413

Source: af854a3a-2127-422b-91ae-364da2661108

http://tortoisesvn.net/node/291

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/25468

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3003

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3004

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/36312

Source: af854a3a-2127-422b-91ae-364da2661108

28 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

1.6%

73th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

subversion tortoisesvn

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1