Unrated severityNVD Advisory· Published Aug 28, 2007· Updated Jun 16, 2026
CVE-2007-3846
CVE-2007-3846
Description
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:subversion:subversion:*:*:windows:*:*:*:*:*+ 1 more
- cpe:2.3:a:subversion:subversion:*:*:windows:*:*:*:*:*range: <=1.4.4
- (no CPE)range: <1.4.5
cpe:2.3:a:tortoisesvn:tortoisesvn:*:*:windows:*:*:*:*:*+ 1 more
- cpe:2.3:a:tortoisesvn:tortoisesvn:*:*:windows:*:*:*:*:*range: <=1.4.4
- (no CPE)range: <1.4.5
Patches
Vulnerability mechanics
References
13- secunia.com/advisories/26625nvdPatchVendor Advisory
- secunia.com/advisories/26632nvdPatchVendor Advisory
- subversion.tigris.org/servlets/NewsItemViewnvdPatch
- tortoisesvn.net/node/291nvdPatch
- crisp.cs.du.edunvd
- osvdb.org/40118nvd
- osvdb.org/40119nvd
- securitytracker.com/idnvd
- subversion.tigris.org/servlets/ReadMsgnvd
- www.securityfocus.com/bid/25468nvd
- www.vupen.com/english/advisories/2007/3003nvd
- www.vupen.com/english/advisories/2007/3004nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/36312nvd
News mentions
0No linked articles in our index yet.