Unrated severityNVD Advisory· Published Aug 28, 2007· Updated Apr 23, 2026

CVE-2007-3846

Description

Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.

Affected products

Subversion/Subversion
cpe:2.3:a:subversion:subversion:*:*:windows:*:*:*:*:*
Range: <=1.4.4
Tortoisesvn/Tortoisesvn
cpe:2.3:a:tortoisesvn:tortoisesvn:*:*:windows:*:*:*:*:*
Range: <=1.4.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26625nvdPatchVendor Advisory
secunia.com/advisories/26632nvdPatchVendor Advisory
subversion.tigris.org/servlets/NewsItemViewnvdPatch
tortoisesvn.net/node/291nvdPatch
crisp.cs.du.edunvd
osvdb.org/40118nvd
osvdb.org/40119nvd
securitytracker.com/idnvd
subversion.tigris.org/servlets/ReadMsgnvd
www.securityfocus.com/bid/25468nvd
www.vupen.com/english/advisories/2007/3003nvd
www.vupen.com/english/advisories/2007/3004nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36312nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000