ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-09-20T19:40:12
Updated: 2024-08-04T15:56:04.459Z
Reserved: 2020-10-01T00:00:00
Link: CVE-2020-26301
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-20T20:15:11.513
Modified: 2024-11-21T05:19:48.493
Link: CVE-2020-26301
Redhat