ALPINE-CVE-2024-45720

ALPINE-CVE-2024-45720 PUBLISHED CVSS 7.800000190734863 HIGH

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.18	subversion	1.10.0-r0, 1.10.2-r0, 1.11.0-r0
Alpine:v3.23	subversion	1.9.7-r0, 1.14.1-r4, 1.10.0-r0
Alpine:v3.20	subversion	1.7.0-r0, 1.7.1-r0, 1.7.1-r1
Alpine:v3.22	subversion	1.8.3-r1, 1.7.9-r1, 0
Alpine:v3.21	subversion	1.14.1-r2, 1.10.0-r0, 0
Alpine:v3.19	subversion	1.7.4-r0, 1.7.5-r0, 1.7.6-r0

Timeline

Oct 9, 2024 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2024-45720 advisory

Open in Interactive Console →