{"id":"CVE-2020-17525","details":"Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7","aliases":["BIT-subversion-2020-17525"],"modified":"2026-04-16T04:39:39.585654876Z","published":"2021-03-17T10:15:11.873Z","related":["ALSA-2021:0507","SUSE-SU-2021:0424-1","SUSE-SU-2021:0425-1","openSUSE-SU-2021:0280-1","openSUSE-SU-2024:11412-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html"},{"type":"FIX","url":"https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/subversion","events":[{"introduced":"d5c449a05c043ec247cb68cb2bbb891779eb8566"},{"fixed":"789e63d1f431ca38dffa1e91bd2230daf361bfb4"},{"introduced":"f6bc87d00259140249e8ff672b2913ab24ebdf86"},{"fixed":"209825a473d8fe106e52c6082d1c363f06109d2b"}],"database_specific":{"versions":[{"introduced":"1.9.0"},{"fixed":"1.10.7"},{"introduced":"1.11.0"},{"fixed":"1.14.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17525.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}