Applies to: VisualSVN Server 5.0 and later
To help mitigate a potential security issue, the web interface of VisualSVN Server displays the following warning when a file's content includes bidirectional (BiDi) control Unicode characters:
Vulnerability description
Content of files with BiDi control characters may be interpreted differently than represented. These characters can change the behavior of source code without any visible representation. Such behavior can be considered as a potential security issue because it can be maliciously used to change code's logic by reordering source code characters. The security issue was assigned the CVE identifier CVE-2021-42574 and is also known as Trojan Source.
Resolution
If you see this warning, it is recommended to review the contents of the file in an editor that highlights BiDi control characters, for example:
- Visual Studio 2022 or later
- Visual Studio Code
You can ignore the warning if the usage of the control characters in the file is intentional.