ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-09-20T19:40:12

Updated: 2024-08-04T15:56:04.459Z

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26301

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-20T20:15:11.513

Modified: 2024-11-21T05:19:48.493

Link: CVE-2020-26301

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-09-20T00:00:00Z

Links: CVE-2020-26301 - Bugzilla