### [CVE-2017-9800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Subversion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.0.0%20to%201.8.18%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.9.0%20to%201.9.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brightgreen)

### Description

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.

### POC

#### Reference
- http://packetstormsecurity.com/files/143722/Apache-Subversion-Arbitrary-Code-Execution.html
- https://hackerone.com/reports/260005
- https://www.oracle.com/security-alerts/cpuoct2020.html

#### Github
- https://github.com/ARPSyndicate/cve-scores