TortoiseSVN

TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert

September 3, 2019

Overview

On August 13, local time, a researcher from a vulnerability laboratory (vxrl team) disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN.

The URI handler of TortoiseSVN (Tsvncmd:) allows a customized diff operation on Excel workbooks. This vulnerability could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. (more…)

Search

Subscribe to the NSFOCUS Blog