ArchLinux: 202105-16: websvn: arbitrary command execution
Summary
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
Resolution
Upgrade to 2.6.1-1.
# pacman -Syu "websvn>=2.6.1-1"
The problem has been fixed upstream in version 2.6.1.
References
https://github.com/websvnphp/websvn/pull/142 https://github.com/websvnphp/websvn/commit/88fce56b7b9dbfc0fe2629217c3bff2c2e751920 https://security.archlinux.org/CVE-2021-32305
Workaround
None.