CVE-2020-15778ΒΆ

CVE-2020-15778
7.8 CVSS
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H https://nvd.nist.gov/vuln/detail/CVE-2020-15778

not integrated in SSH-MITM server

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Affected Software:
  • OpenSSH < 8.3