CVE-2020-15778
HIGH7.4EPSS 64.3%Published: 7/24/2020Modified: 12/3/2025
Also known as:ALPINE-CVE-2020-15778DEBIAN-CVE-2020-15778
Description
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Affected packages (2)
- Alpine/opensshfrom 0, < 8.3_p1-r0
- Debian/opensshfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.4 | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |