TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert
September 3, 2019
Overview
On August 13, local time, a researcher from a vulnerability laboratory (vxrl team) disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN.
The URI handler of TortoiseSVN (Tsvncmd:) allows a customized diff operation on Excel workbooks. This vulnerability could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. (more…)